Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by David at 2014-04-06 13:42:49 Run:1
Running from D:\Users\David\Desktop\scan2
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - ${searchCLSID} URL = http://search.yahoo.com/search?fr=megaup&p={searchTerms}
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKLM-x32\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - D:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
Task: {3873F58E-CBB8-44FA-AAA3-75C2C807208D} - System32\Tasks\{AF49E738-4A4D-4A84-904E-12E9B3A556DF} => D:\Program Files (x86)\Fifa Master13\File Master 13\FileMaster13.exe
Task: {5D5A3B1F-7418-4BC9-947C-2810188BAF77} - System32\Tasks\{62CD2CF1-14DD-4EAC-B3EC-CAE21747CA3B} => D:\Program Files (x86)\Fifa Master13\File Master 13\FileMaster13.exe
Task: {8D8B73C3-A3FD-4F15-9DF8-ECF0274FB82C} - System32\Tasks\Scheduled Update for Ask Toolbar => D:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
D:\Users\David\AppData\Local\Google\Chrome
AlternateDataStreams: D:\Windows:952901870E3EBEC1
AlternateDataStreams: D:\ProgramData\TEMP:0888F409
AlternateDataStreams: D:\ProgramData\TEMP:3440EB47
AlternateDataStreams: D:\ProgramData\TEMP:66633281
AlternateDataStreams: D:\ProgramData\TEMP:6CC69D3C
AlternateDataStreams: D:\ProgramData\TEMP:890CC2F3
AlternateDataStreams: D:\Users\David\Cookies:ZegzUBNyvuM0zbfahwSiE5ZOTJ
AlternateDataStreams: D:\Users\David\AppData\Local\Temp:q5Re1hGEE6pCE2bsiQ0R
AlternateDataStreams: D:\Users\David\AppData\Local\Temp:SVEKosUurJHI6rTTO2oHEU6MGCQ
S1 ntiomin; No ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
U4 bdselfpr;
S3 esgiguard; \??\D:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NVR0Dev; \??\D:\Windows\nvoclk64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Ad-Aware Service" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CacheBoost Service" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ST2012_Svc" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CacheBoost" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPA" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F.lux" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SBRegRebootCleaner" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorShield" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorUpdater" /f
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID} => Key deleted successfully.
HKCR\CLSID\${searchCLSID} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3873F58E-CBB8-44FA-AAA3-75C2C807208D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3873F58E-CBB8-44FA-AAA3-75C2C807208D} => Key deleted successfully.
D:\Windows\System32\Tasks\{AF49E738-4A4D-4A84-904E-12E9B3A556DF} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF49E738-4A4D-4A84-904E-12E9B3A556DF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D5A3B1F-7418-4BC9-947C-2810188BAF77} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D5A3B1F-7418-4BC9-947C-2810188BAF77} => Key deleted successfully.
D:\Windows\System32\Tasks\{62CD2CF1-14DD-4EAC-B3EC-CAE21747CA3B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62CD2CF1-14DD-4EAC-B3EC-CAE21747CA3B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D8B73C3-A3FD-4F15-9DF8-ECF0274FB82C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D8B73C3-A3FD-4F15-9DF8-ECF0274FB82C} => Key deleted successfully.
D:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
D:\Users\David\AppData\Local\Google\Chrome => Moved successfully.
D:\Windows => ":952901870E3EBEC1" ADS removed successfully.
D:\ProgramData\TEMP => ":0888F409" ADS removed successfully.
D:\ProgramData\TEMP => ":3440EB47" ADS removed successfully.
D:\ProgramData\TEMP => ":66633281" ADS removed successfully.
D:\ProgramData\TEMP => ":6CC69D3C" ADS removed successfully.
D:\ProgramData\TEMP => ":890CC2F3" ADS removed successfully.
"D:\Users\David\Cookies" => ":ZegzUBNyvuM0zbfahwSiE5ZOTJ" ADS not found.
D:\Users\David\AppData\Local\Temp => ":q5Re1hGEE6pCE2bsiQ0R" ADS removed successfully.
D:\Users\David\AppData\Local\Temp => ":SVEKosUurJHI6rTTO2oHEU6MGCQ" ADS removed successfully.
ntiomin => Service deleted successfully.
AndNetDiag => Service deleted successfully.
AndNetGps => Service deleted successfully.
ANDNetModem => Service deleted successfully.
andnetndis => Service deleted successfully.
androidusb => Service deleted successfully.
bdselfpr => Service deleted successfully.
esgiguard => Service deleted successfully.
massfilter => Service deleted successfully.
NVR0Dev => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
ZTEusbmdm6k => Service deleted successfully.
ZTEusbnmea => Service deleted successfully.
ZTEusbser6k => Service deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CLPSLS => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => Key deleted successfully.

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Ad-Aware Service" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\CacheBoost Service" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ST2012_Svc" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CacheBoost" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPA" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F.lux" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SBRegRebootCleaner" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorShield" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorUpdater" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

==== End of Fixlog ====