Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015 Ran by admin at 2015-01-23 22:42:23 Run:1 Running from C:\Users\admin\Downloads Loaded Profiles: admin (Available profiles: admin) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION! R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib) R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2015-01-04] (XTab system) R2 YouTubeAcceleratorService; C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe [1510248 2015-01-14] (GOOBZO) HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-55905330-288421562-568435219-1000\...\Run: [GoobzoYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2227048 2015-01-14] (GOOBZO) HKU\S-1-5-21-55905330-288421562-568435219-1000\...\Run: [YpPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\admin\AppData\Local\Ozics\EP0NOE12.DLL HKU\S-1-5-21-55905330-288421562-568435219-1000\...\Run: [Eltion] => regsvr32.exe C:\Users\admin\AppData\Local\Eltion\CNHL08A.dll <===== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dspp&ts=1421230059&from=cor&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1421230059&from=cor&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421230946&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} SearchScopes: HKU\S-1-5-21-55905330-288421562-568435219-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-55905330-288421562-568435219-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS&q={searchTerms} SearchScopes: HKU\S-1-5-21-55905330-288421562-568435219-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll (Goobzo Ltd.) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\admin\AppData\Local\PriceFountain\PriceFountainIE.dll No File BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll (Goobzo Ltd.) Task: {0C9CE307-51C4-464D-8FD6-0CCB436996E3} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2015-01-14] (Goobzo) <==== ATTENTION Task: {1047211C-5FE9-481E-98B4-9DE650703E7B} - System32\Tasks\Price Fountain => C:\Users\admin\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-01-14] () <==== ATTENTION Task: {132A5AB7-E187-4EBF-A5FE-6DA2355D2F38} - System32\Tasks\AdobeFlashPlayerUpdate => C:\windows\SysWOW64\FlashPlayerUpdateService.exe Task: {1F45BDFA-213D-4E5A-8E6F-434A1FD950AA} - System32\Tasks\DSite => C:\Users\admin\AppData\Roaming\DSite\UpdateProc\updatetask.exe [2014-01-14] () <==== ATTENTION Task: {37F30370-B076-4B56-B878-84485F70F2D1} - System32\Tasks\EPUpdater => C:\Users\admin\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-04-07] () <==== ATTENTION Task: {49CCC7BC-996A-4A99-BE8B-3148630467BB} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2015-01-14] (Goobzo) <==== ATTENTION Task: {6F072A49-9EF7-4875-BC2F-85EFE2E38976} - System32\Tasks\{402429A3-AD80-47F2-B019-FD4EA2A104D0} => pcalua.exe -a C:\Users\admin\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=smt <==== ATTENTION Task: {7F8ABB9C-5D6F-4D2E-834B-0E9F930E4018} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\windows\SysWOW64\FlashPlayerUpdateService.exe Task: {C43A4654-5150-429B-9772-2670BDC719FE} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2014-06-15] (Goobzo LTD) <==== ATTENTION Task: {D9E57034-BE63-4D26-ADBE-29EFDEBF4C1D} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {FE6BB7F9-A821-4A5E-A9CA-195F39DE7E55} - System32\Tasks\{64B1E721-462F-4A10-972F-D71B77213CCD} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe" Task: C:\windows\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\windows\Tasks\Price Fountain.job => C:\Users\admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421230983&from=smt&uid=TOSHIBAXMK3261GSYN_12IIF0GZSXX12IIF0GZS" CHR DefaultSearchKeyword: Default -> omiga-plus CHR HKU\S-1-5-21-55905330-288421562-568435219-1000\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\admin\AppData\Local\newhb2.crx [2013-10-23] CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\admin\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx [Not Found] CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File C:\Program Files\Enigma Software Group C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\GUT3BD8.tmp C:\Program Files (x86)\XTab C:\ProgramData\AVG C:\ProgramData\IHProtectUpDate C:\ProgramData\TEMP C:\ProgramData\WindowsMangerProtect C:\Users\admin\AppData\Local\Avg C:\Users\admin\AppData\Local\CrashDumps C:\Users\admin\AppData\Local\CrashRpt C:\Users\admin\AppData\Local\Eltion C:\Users\admin\AppData\Local\globalUpdate C:\Users\admin\AppData\Local\Ozics C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\admin\AppData\Roaming\BabMaint.exe C:\Users\admin\AppData\Roaming\AVG C:\Users\admin\AppData\Roaming\BabSolution C:\Users\admin\AppData\Roaming\omiga-plus C:\Users\admin\AppData\Roaming\OpenCandy C:\Users\admin\AppData\Roaming\PriceFountain C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Local Storage\*localstorage* C:\Users\Public\Documents\GOOBZO C:\Windows\Installer\{B13EA808-3A8F-8E31-3851-661E1839DC64} C:\Windows\System32\Drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys C:\Windows\System32\Drivers\EsgScanner.sys C:\Windows\SysWOW64\GroupPolicy\GPT.INI CMD: for /d %f in (C:\Users\admin\AppData\Local\{*}) do rd /s /q "%f" Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall" /f ***************** Processes closed successfully. Restore point was successfully created. Operacja ukoäczona pomy˜lnie. {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Service stopped successfully. {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Service deleted successfully. IHProtect Service => Service deleted successfully. YouTubeAcceleratorService => Service deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Smart File Advisor => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoobzoYouTubeAccelerator => value deleted successfully. HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YpPack => value deleted successfully. HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Eltion => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-55905330-288421562-568435219-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKU\S-1-5-21-55905330-288421562-568435219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-55905330-288421562-568435219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKU\S-1-5-21-55905330-288421562-568435219-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully. HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully. HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b608cc98-54de-4775-96c9-097de398500c}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{b608cc98-54de-4775-96c9-097de398500c}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C9CE307-51C4-464D-8FD6-0CCB436996E3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C9CE307-51C4-464D-8FD6-0CCB436996E3}" => Key deleted successfully. C:\Windows\System32\Tasks\YTAUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1047211C-5FE9-481E-98B4-9DE650703E7B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1047211C-5FE9-481E-98B4-9DE650703E7B}" => Key deleted successfully. C:\Windows\System32\Tasks\Price Fountain => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Fountain" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{132A5AB7-E187-4EBF-A5FE-6DA2355D2F38}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132A5AB7-E187-4EBF-A5FE-6DA2355D2F38}" => Key deleted successfully. C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F45BDFA-213D-4E5A-8E6F-434A1FD950AA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F45BDFA-213D-4E5A-8E6F-434A1FD950AA}" => Key deleted successfully. C:\Windows\System32\Tasks\DSite => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37F30370-B076-4B56-B878-84485F70F2D1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37F30370-B076-4B56-B878-84485F70F2D1}" => Key deleted successfully. C:\Windows\System32\Tasks\EPUpdater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49CCC7BC-996A-4A99-BE8B-3148630467BB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49CCC7BC-996A-4A99-BE8B-3148630467BB}" => Key deleted successfully. C:\Windows\System32\Tasks\YTAUpdate_logon => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAUpdate_logon" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F072A49-9EF7-4875-BC2F-85EFE2E38976}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F072A49-9EF7-4875-BC2F-85EFE2E38976}" => Key deleted successfully. C:\Windows\System32\Tasks\{402429A3-AD80-47F2-B019-FD4EA2A104D0} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{402429A3-AD80-47F2-B019-FD4EA2A104D0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7F8ABB9C-5D6F-4D2E-834B-0E9F930E4018}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F8ABB9C-5D6F-4D2E-834B-0E9F930E4018}" => Key deleted successfully. C:\Windows\System32\Tasks\AdobeFlashPlayerUpdate 2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C43A4654-5150-429B-9772-2670BDC719FE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C43A4654-5150-429B-9772-2670BDC719FE}" => Key deleted successfully. C:\Windows\System32\Tasks\YTAHelper => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTAHelper" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9E57034-BE63-4D26-ADBE-29EFDEBF4C1D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E57034-BE63-4D26-ADBE-29EFDEBF4C1D}" => Key deleted successfully. C:\Windows\System32\Tasks\Digital Sites => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE6BB7F9-A821-4A5E-A9CA-195F39DE7E55}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE6BB7F9-A821-4A5E-A9CA-195F39DE7E55}" => Key deleted successfully. C:\Windows\System32\Tasks\{64B1E721-462F-4A10-972F-D71B77213CCD} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64B1E721-462F-4A10-972F-D71B77213CCD}" => Key deleted successfully. C:\windows\Tasks\Digital Sites.job => Moved successfully. C:\windows\Tasks\Price Fountain.job => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. "HKU\S-1-5-21-55905330-288421562-568435219-1000\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => Key deleted successfully. C:\Users\admin\AppData\Local\newhb2.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb" => Key deleted successfully. "HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully. "HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully. "HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully. "HKU\S-1-5-21-55905330-288421562-568435219-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\Program Files (x86)\GUT3BD8.tmp => Moved successfully. C:\Program Files (x86)\XTab => Moved successfully. C:\ProgramData\AVG => Moved successfully. C:\ProgramData\IHProtectUpDate => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\admin\AppData\Local\Avg => Moved successfully. C:\Users\admin\AppData\Local\CrashDumps => Moved successfully. C:\Users\admin\AppData\Local\CrashRpt => Moved successfully. C:\Users\admin\AppData\Local\Eltion => Moved successfully. C:\Users\admin\AppData\Local\globalUpdate => Moved successfully. C:\Users\admin\AppData\Local\Ozics => Moved successfully. C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd => Moved successfully. C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\admin\AppData\Roaming\BabMaint.exe => Moved successfully. C:\Users\admin\AppData\Roaming\AVG => Moved successfully. C:\Users\admin\AppData\Roaming\BabSolution => Moved successfully. C:\Users\admin\AppData\Roaming\omiga-plus => Moved successfully. C:\Users\admin\AppData\Roaming\OpenCandy => Moved successfully. C:\Users\admin\AppData\Roaming\PriceFountain => Moved successfully. C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Local Storage\*localstorage* => Moved successfully. C:\Users\Public\Documents\GOOBZO => Moved successfully. C:\Windows\Installer\{B13EA808-3A8F-8E31-3851-661E1839DC64} => Moved successfully. C:\Windows\System32\Drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys => Moved successfully. C:\Windows\System32\Drivers\EsgScanner.sys => Moved successfully. C:\Windows\SysWOW64\GroupPolicy\GPT.INI => Moved successfully. ========= for /d %f in (C:\Users\admin\AppData\Local\{*}) do rd /s /q "%f" ========= ========= End of CMD: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog 22:42:57 ====