Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015 Ran by Monix at 2015-02-02 17:49:16 Run:1 Running from C:\Users\Monix\Downloads Loaded Profiles: Monix (Available profiles: Monix) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {4B393384-05CC-4F9A-8AD5-5F7948F36056} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {4FB330C8-9639-45C0-94EC-A4A392DAA191} - \DealPly No Task File <==== ATTENTION Task: {9492AE53-2D1A-47D3-A2DF-967EB607FED4} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION Task: {978842C0-8FAF-4091-9634-F704C9260D3F} - System32\Tasks\EPUpdater => C:\Users\Monix\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418510501&from=cor&uid=SAMSUNGXHD321KJ_S0MQJDWQ114238" HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com SearchScopes: HKU\S-1-5-21-2232964261-3540459803-2901109087-1000 -> {60F2A61B-4CA9-45FF-94E5-3EBCF0BA1140} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms} Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKU\S-1-5-21-2232964261-3540459803-2901109087-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File HKU\S-1-5-21-2232964261-3540459803-2901109087-1000\...\Run: [AdobeBridge] => [X] S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X] AlternateDataStreams: C:\ProgramData\Microsoft:gicILdp5KoPVp7kQoiQpriqtr AlternateDataStreams: C:\ProgramData\Microsoft:xgtBPX16BTfqTgtZStdgPOv AlternateDataStreams: C:\ProgramData\Microsoft:ZYRpxqYkazUXi9T6ZPaPq AlternateDataStreams: C:\Users\Monix\Cookies:G8dV1U1b6kNUbZVbVU AlternateDataStreams: C:\Users\Monix\Ustawienia lokalne:h1869xXWja3FzuFKoRvaZr AlternateDataStreams: C:\Users\Monix\AppData\Local:h1869xXWja3FzuFKoRvaZr AlternateDataStreams: C:\Users\Monix\AppData\Local\0rc4o8VX4wf2Wj:80HXJbjdqbfKejcuzVi4Aov AlternateDataStreams: C:\Users\Monix\AppData\Local\Dane aplikacji:h1869xXWja3FzuFKoRvaZr C:\Program Files\AutoRun.inf C:\Users\Monix\AppData\Local\{69BFF262-8BEF-41C7-A6D6-D36290343342} C:\Users\Monix\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 7" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apps Hat" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppsHat" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Extensions" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Slick Savings" /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B393384-05CC-4F9A-8AD5-5F7948F36056}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B393384-05CC-4F9A-8AD5-5F7948F36056}" => Key deleted successfully. C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FB330C8-9639-45C0-94EC-A4A392DAA191}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FB330C8-9639-45C0-94EC-A4A392DAA191}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9492AE53-2D1A-47D3-A2DF-967EB607FED4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9492AE53-2D1A-47D3-A2DF-967EB607FED4}" => Key deleted successfully. C:\Windows\System32\Tasks\DealPlyUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{978842C0-8FAF-4091-9634-F704C9260D3F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{978842C0-8FAF-4091-9634-F704C9260D3F}" => Key deleted successfully. C:\Windows\System32\Tasks\EPUpdater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully. Chrome StartupUrls deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. "HKU\S-1-5-21-2232964261-3540459803-2901109087-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60F2A61B-4CA9-45FF-94E5-3EBCF0BA1140}" => Key deleted successfully. HKCR\CLSID\{60F2A61B-4CA9-45FF-94E5-3EBCF0BA1140} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKU\S-1-5-21-2232964261-3540459803-2901109087-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully. HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. HKU\S-1-5-21-2232964261-3540459803-2901109087-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully. andnetndis => Service deleted successfully. C:\ProgramData\Microsoft => ":gicILdp5KoPVp7kQoiQpriqtr" ADS removed successfully. C:\ProgramData\Microsoft => ":xgtBPX16BTfqTgtZStdgPOv" ADS removed successfully. C:\ProgramData\Microsoft => ":ZYRpxqYkazUXi9T6ZPaPq" ADS removed successfully. "C:\Users\Monix\Cookies" => ":G8dV1U1b6kNUbZVbVU" ADS not found. "C:\Users\Monix\Ustawienia lokalne" => ":h1869xXWja3FzuFKoRvaZr" ADS not found. C:\Users\Monix\AppData\Local => ":h1869xXWja3FzuFKoRvaZr" ADS removed successfully. C:\Users\Monix\AppData\Local\0rc4o8VX4wf2Wj => ":80HXJbjdqbfKejcuzVi4Aov" ADS removed successfully. "C:\Users\Monix\AppData\Local\Dane aplikacji" => ":h1869xXWja3FzuFKoRvaZr" ADS not found. C:\Program Files\AutoRun.inf => Moved successfully. C:\Users\Monix\AppData\Local\{69BFF262-8BEF-41C7-A6D6-D36290343342} => Moved successfully. C:\Users\Monix\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 7" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apps Hat" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppsHat" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Extensions" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Slick Savings" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis.com /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.8 GB temporary data. The system needed a reboot. ==== End of Fixlog 17:50:26 ====