Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Jakub at 2014-11-05 16:06:28 Run:1
Running from D:\Torrenty
Loaded Profile: Jakub (Available profiles: Jakub)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [cssrrs] => C:\Users\Jakub\AppData\Roaming\csrrs.exe [806912 2014-11-04] ( )
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\...\Run: [cssrrs] => C:\Users\Jakub\AppData\Roaming\csrrs.exe [806912 2014-11-04] ( )
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\...\Winlogon: [Shell] C:\Users\Jakub\AppData\Roaming\csrrs.exe [806912 2014-11-04] ( ) <==== ATTENTION
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\cc_loadingpage.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\msascui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spotify.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\startfastboot.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\super charger.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\TuneUpUtilitiesApp64.exe: [Debugger] nqij.exe
IFEO\TuneUpUtilitiesService64.exe: [Debugger] nqij.exe
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins001.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Task: {93D3FFB6-73BF-4715-9068-C7BEB6630EED} - System32\Tasks\Origin => C:\Users\Jakub\AppData\Roaming\Origin\update.vbe [2014-07-19] () <==== ATTENTION
Task: {96CD8A40-1972-4F74-B995-5910364D6092} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-1.job => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-11.job => C:\Program Files (x86)\TheTorntv V10\4163a01d-f8ce-493c-a92a-0b69ebc73c32-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-2.job => C:\Program Files (x86)\TheTorntv V10\4163a01d-f8ce-493c-a92a-0b69ebc73c32-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-3.job => C:\Program Files (x86)\TheTorntv V10\4163a01d-f8ce-493c-a92a-0b69ebc73c32-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-4.job => C:\Program Files (x86)\TheTorntv V10\4163a01d-f8ce-493c-a92a-0b69ebc73c32-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-5.job => C:\Program Files (x86)\TheTorntv V10\4163a01d-f8ce-493c-a92a-0b69ebc73c32-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-5_user.job => C:\Program Files (x86)\TheTorntv V10\4163a01d-f8ce-493c-a92a-0b69ebc73c32-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
C:\Program Files (x86)\mozilla firefox\plugins
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\TheTorntv V10
C:\ProgramData\AVAST Software
C:\Temp
C:\Users\Jakub\AppData\Roaming\*.exe
C:\Users\Jakub\AppData\Roaming\msconfig.ini
C:\Users\Jakub\AppData\Roaming\Origin\update.vbe
C:\Windows\SysWOW64\Application Services
CMD: sc config wuauserv start= delayed-auto
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cssrrs => value deleted successfully.
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cssrrs => value deleted successfully.
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-4193634356-1386167445-2874816342-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cc_loadingpage.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hamachi-2-ui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msascui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spotify.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\startfastboot.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\super charger.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TuneUpUtilitiesApp64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TuneUpUtilitiesService64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins001.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93D3FFB6-73BF-4715-9068-C7BEB6630EED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93D3FFB6-73BF-4715-9068-C7BEB6630EED}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96CD8A40-1972-4F74-B995-5910364D6092}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96CD8A40-1972-4F74-B995-5910364D6092}" => Key deleted successfully.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => Key deleted successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-1.job => Moved successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-11.job => Moved successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-2.job => Moved successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-3.job => Moved successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-4.job => Moved successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-5.job => Moved successfully.
C:\Windows\Tasks\4163a01d-f8ce-493c-a92a-0b69ebc73c32-5_user.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
NTIOLib_1_0_C => Service deleted successfully.
TuneUp.UtilitiesSvc => Service deleted successfully.
TuneUpUtilitiesDrv => Service deleted successfully.
C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
"C:\Program Files (x86)\TheTorntv V10" => File/Directory not found.
C:\ProgramData\AVAST Software => Moved successfully.
C:\Temp => Moved successfully.
C:\Users\Jakub\AppData\Roaming\*.exe => Moved successfully.
C:\Users\Jakub\AppData\Roaming\msconfig.ini => Moved successfully.
C:\Users\Jakub\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\Windows\SysWOW64\Application Services => Moved successfully.

========= sc config wuauserv start= delayed-auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====