Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02
Ran by Alexis at 2015-01-14 17:01:14 Run:1
Running from C:\Users\Alexis\Application Data\Downloads
Loaded Profiles: Alexis & UpdatusUser (Available profiles: Alexis & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1817701526-1401173901-2305217273-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
CustomCLSID: HKU\S-1-5-21-1817701526-1401173901-2305217273-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Alexis\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No (the data entry has 5 more characters).
Task: {3B7887C4-B5E7-4CC9-A809-35205CC7B408} - System32\Tasks\{CDD6B537-5127-439A-B473-D2519696A61F} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{B406605B-45FE-4D8F-8250-1E77479583AE}
Task: {4C3F8F18-946A-4D72-855E-CF8A231CEE6E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{21D8AAA9-4029-46A7-A23C-2BC4DCA40652}.exe
Task: {536606F6-13CE-495D-A6AC-CFE687145D64} - System32\Tasks\{45B8CDEC-6D7F-4B95-9336-DA85BD94F99B} => pcalua.exe -a C:\Users\Alexis\Downloads\sp42568.exe -d C:\Users\Alexis\Downloads
Task: {AA352EE5-79BC-4776-8623-13D9F5B416CA} - System32\Tasks\{A4910BF1-AD67-4A16-BA6D-899AE2C9C7B1} => pcalua.exe -a "C:\Users\Alexis\Downloads\Zoo Tycoon 2 PL.exe" -d C:\Users\Alexis\Downloads
Task: {AE4E333F-A1D2-4309-8A00-4350B7C7FC05} - System32\Tasks\{3A463E5A-48AD-49D6-81E4-6115A076D8E2} => pcalua.exe -a "E:\Sterownik Validity Fingerprint Sensor.exe" -d E:\
Task: {B00FBE50-15CC-42F5-AABA-8697523B3A20} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{6FC31634-333D-4DD7-BD76-76959D76129F}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{6FC31634-333D-4DD7-BD76-76959D76129F}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{21D8AAA9-4029-46A7-A23C-2BC4DCA40652}.exe
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\qkbemnt4.default\extensions\fftoolbar2014@etech.com
FF HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
S2 Update Dynamo Combo; "C:\Program Files\Dynamo Combo\updateDynamoCombo.exe" [X]
U4 NMIndexingService; No ImagePath
C:\Program Files\XTab
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\lsass.exe
C:\ProgramData\Norton
C:\Users\Alexis\AppData\Local\Google
C:\Users\Alexis\AppData\Local\NPE
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Windows\CurrentVersion\Run /f
Reg: reg delete HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} /f
Reg: reg delete "HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Internet Explorer\Toolbar" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core => value deleted successfully.
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => value deleted successfully.
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => Key not found.
"HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => Key not found.
"HKU\S-1-5-21-1817701526-1401173901-2305217273-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B7887C4-B5E7-4CC9-A809-35205CC7B408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B7887C4-B5E7-4CC9-A809-35205CC7B408}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CDD6B537-5127-439A-B473-D2519696A61F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CDD6B537-5127-439A-B473-D2519696A61F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C3F8F18-946A-4D72-855E-CF8A231CEE6E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C3F8F18-946A-4D72-855E-CF8A231CEE6E}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{536606F6-13CE-495D-A6AC-CFE687145D64}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{536606F6-13CE-495D-A6AC-CFE687145D64}" => Key deleted successfully.
C:\Windows\System32\Tasks\{45B8CDEC-6D7F-4B95-9336-DA85BD94F99B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45B8CDEC-6D7F-4B95-9336-DA85BD94F99B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA352EE5-79BC-4776-8623-13D9F5B416CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA352EE5-79BC-4776-8623-13D9F5B416CA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A4910BF1-AD67-4A16-BA6D-899AE2C9C7B1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4910BF1-AD67-4A16-BA6D-899AE2C9C7B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE4E333F-A1D2-4309-8A00-4350B7C7FC05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE4E333F-A1D2-4309-8A00-4350B7C7FC05}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3A463E5A-48AD-49D6-81E4-6115A076D8E2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A463E5A-48AD-49D6-81E4-6115A076D8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B00FBE50-15CC-42F5-AABA-8697523B3A20}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B00FBE50-15CC-42F5-AABA-8697523B3A20}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
HKU\S-1-5-21-1817701526-1401173901-2305217273-1000\Software\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully.
Update Dynamo Combo => Service deleted successfully.
NMIndexingService => Service deleted successfully.
C:\Program Files\XTab => Moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.
C:\ProgramData\lsass.exe => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
C:\Users\Alexis\AppData\Local\Google => Moved successfully.
C:\Users\Alexis\AppData\Local\NPE => Moved successfully.
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.

========= reg delete HKLM\SOFTWARE\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Windows\CurrentVersion\Run /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-1817701526-1401173901-2305217273-1002\Software\Microsoft\Internet Explorer\Toolbar" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 31.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:01:31 ====