Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014 Ran by Krystian at 2014-04-29 22:54:43 Run:1 Running from C:\Users\Krystian\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 ShortcutWithArgument: C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.61 1250.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software) -> hxxp://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=ds&ts=1398397853&from=smt&uid=WDCXWD6400BEVT-80A0RT0_WD-WXE1A30H0558H0558&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File Task: {4B627FC8-228D-4E47-96DF-148B67099E92} - \Driver Booster Update No Task File <==== ATTENTION Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ooVoo.exe" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f C:\Program Files (x86)\SupTab C:\ProgramData\IePluginService C:\Users\Krystian\AppData\Roaming\SupTab C:\Users\Krystian\AppData\Roaming\qone8 C:\Users\Public\Documents\GOOBZO C:\Users\Public\Documents\ShopperPro Reboot: ***************** [1328] C:\ProgramData\IePluginService\PluginService.exe => Process closed successfully. IePluginService => Service deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully. C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Krystian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.61 1250.lnk => Shortcut argument was removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B627FC8-228D-4E47-96DF-148B67099E92} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B627FC8-228D-4E47-96DF-148B67099E92} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update => Key deleted successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ooVoo.exe" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= C:\Program Files (x86)\SupTab => Moved successfully. C:\ProgramData\IePluginService => Moved successfully. C:\Users\Krystian\AppData\Roaming\SupTab => Moved successfully. C:\Users\Krystian\AppData\Roaming\qone8 => Moved successfully. C:\Users\Public\Documents\GOOBZO => Moved successfully. C:\Users\Public\Documents\ShopperPro => Moved successfully. The system needed a reboot. ==== End of Fixlog ====