Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by cwirek at 2014-01-05 18:01:21 Run:1
Running from D:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Windows\SysWOW64\{$3496-8737-3294-4624-4253$}\appsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
HKLM-x32\...\Run: [Application Services] - C:\Windows\System32\taskmgr.exe [257024 2010-11-21] (Microsoft Corporation)
HKCU\...\CurrentVersion\Windows: [Load] C:\Windows\SysWOW64\{$3496-8737-3294-4624-4253$}\appsvc.exe
C:\Windows\SysWOW64\{$3496-8737-3294-4624-4253$}
IFEO\avcenter.exe: [Debugger] nsjw.exe
IFEO\avguard.exe: [Debugger] nsjw.exe
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\bdagent.exe: [Debugger] nsjw.exe
IFEO\ccuac.exe: [Debugger] nsjw.exe
IFEO\ComboFix.exe: [Debugger] nsjw.exe
IFEO\egui.exe: [Debugger] nsjw.exe
IFEO\hijackthis.exe: [Debugger] nsjw.exe
IFEO\keyscrambler.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
IFEO\MSASCui.exe: [Debugger] nsjw.exe
IFEO\MsMpEng.exe: [Debugger] nsjw.exe
IFEO\msseces.exe: [Debugger] nsjw.exe
IFEO\spybotsd.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
IFEO\zlclient.exe: [Debugger] nsjw.exe
Startup: C:\Users\cwirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1378158134
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=SAMSUNGXHD103SJ_S246J9KB517054&ts=1380212055&type=default&q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
*****************

[2184] C:\Windows\SysWOW64\{$3496-8737-3294-4624-4253$}\appsvc.exe => Process closed successfully.
C:\Windows\SysWOW64\wscript.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Application Services => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
C:\Windows\SysWOW64\{$3496-8737-3294-4624-4253$} => Moved successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key not found.
C:\Users\cwirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml => Moved successfully.

==== End of Fixlog ====