Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014
Ran by lenovo at 2014-10-06 17:19:29 Run:1
Running from C:\Users\lenovo\Downloads
Loaded Profiles: UpdatusUser & lenovo (Available profiles: UpdatusUser & lenovo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R2 Update WiseEnhance; C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe [523040 2014-10-06] ()
R2 Util WiseEnhance; C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe [523040 2014-10-06] ()
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120 2014-04-24] (StdLib)
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys [44736 2014-09-16] (StdLib)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 CscService; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
Task: {0CC954F6-D5F5-486D-9EC7-90920EC833AC} - System32\Tasks\bench-S-1-5-21-2123458673-1839242927-792592233-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {53F3283C-E751-4FD9-B9DD-8BFE1E97139D} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {6C520B11-F119-4BB9-A698-9F716D871702} - System32\Tasks\Yahoo! Search Udpater => C:\Users\lenovo\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe
Task: {99F28FC2-1FA3-405F-8259-4EAA8252322E} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {A6506E7F-5C4F-405A-896C-7A673759FEA4} - System32\Tasks\Yahoo! Search => C:\Users\lenovo\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe
Task: {F7DEE8FA-B148-45D6-B069-4D9E6859742F} - System32\Tasks\DealPly => C:\Users\lenovo\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\bench-S-1-5-21-2123458673-1839242927-792592233-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
HKU\S-1-5-21-2123458673-1839242927-792592233-1000\...\Run: [Power2GoExpress] => NA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=153
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=8A449C4E362FAAD5
SearchScopes: HKCU - {5383BF9D-FAA2-4481-AF3E-E6643038496D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO-x32: Deals Plugin Extension -> {11111111-1111-1111-1111-110211181106} -> C:\Program Files (x86)\Deals Plugin Extension\Deals Plugin Extension.dll (215 Apps)
BHO-x32: WiseEnhance -> {bc8c4384-d19c-474b-a298-c90b7e5c5204} -> C:\Program Files (x86)\WiseEnhance\WiseEnhanceBHO.dll (WiseEnhance)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\lenovo\AppData\Local\Slick Savings\coupons.crx [2014-04-30]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
C:\Program Files (x86)\Bench
C:\Program Files (x86)\Common Files\Spigot
C:\Users\lenovo\AppData\Local\Pay-By-Ads
C:\Users\lenovo\AppData\Local\Slick Savings
C:\Users\lenovo\Downloads\*(*)-dp.exe
C:\Users\lenovo\Downloads\Niepotwierdzony*.crdownload
C:\Users\Public\*.Tmp
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: for /d %f in (C:\Users\lenovo\AppData\Local\{*}) do rd /s /q "%f"
CMD: sc config "Mobile Partner. RunOuc" start= demand
*****************

Processes closed successfully.
Update WiseEnhance => Service stopped successfully.
Update WiseEnhance => Service deleted successfully.
Util WiseEnhance => Service deleted successfully.
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64 => Service stopped successfully.
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64 => Service deleted successfully.
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64 => Service stopped successfully.
{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64 => Service deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
CscService => Service deleted successfully.
DriverService => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CC954F6-D5F5-486D-9EC7-90920EC833AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC954F6-D5F5-486D-9EC7-90920EC833AC}" => Key deleted successfully.
C:\Windows\System32\Tasks\bench-S-1-5-21-2123458673-1839242927-792592233-1001 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-2123458673-1839242927-792592233-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53F3283C-E751-4FD9-B9DD-8BFE1E97139D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53F3283C-E751-4FD9-B9DD-8BFE1E97139D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C520B11-F119-4BB9-A698-9F716D871702}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C520B11-F119-4BB9-A698-9F716D871702}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search Udpater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Udpater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99F28FC2-1FA3-405F-8259-4EAA8252322E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99F28FC2-1FA3-405F-8259-4EAA8252322E}" => Key deleted successfully.
C:\Windows\System32\Tasks\bench-sys => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6506E7F-5C4F-405A-896C-7A673759FEA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6506E7F-5C4F-405A-896C-7A673759FEA4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7DEE8FA-B148-45D6-B069-4D9E6859742F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7DEE8FA-B148-45D6-B069-4D9E6859742F}" => Key deleted successfully.
C:\Windows\System32\Tasks\DealPly => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.
C:\Windows\Tasks\bench-S-1-5-21-2123458673-1839242927-792592233-1001.job => Moved successfully.
C:\Windows\Tasks\bench-sys.job => Moved successfully.
HKU\S-1-5-21-2123458673-1839242927-792592233-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5383BF9D-FAA2-4481-AF3E-E6643038496D}" => Key deleted successfully.
"HKCR\CLSID\{5383BF9D-FAA2-4481-AF3E-E6643038496D}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181106}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211181106}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc8c4384-d19c-474b-a298-c90b7e5c5204}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{bc8c4384-d19c-474b-a298-c90b7e5c5204}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully.
C:\Users\lenovo\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
C:\Program Files (x86)\Bench => Moved successfully.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
C:\Users\lenovo\AppData\Local\Pay-By-Ads => Moved successfully.
C:\Users\lenovo\AppData\Local\Slick Savings => Moved successfully.
C:\Users\lenovo\Downloads\*(*)-dp.exe => Moved successfully.
C:\Users\lenovo\Downloads\Niepotwierdzony*.crdownload => Moved successfully.
C:\Users\Public\*.Tmp => Moved successfully.
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => Key Deleted Successfully.

========= for /d %f in (C:\Users\lenovo\AppData\Local\{*}) do rd /s /q "%f" =========

========= End of CMD: =========

========= sc config "Mobile Partner. RunOuc" start= demand =========

[SC] ChangeServiceConfig SUKCES

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog ====