Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Adrian at 2015-02-20 16:05:37 Run:1
Running from C:\Users\Adrian\Desktop\Nowy folder (2)
Loaded Profiles: Adrian (Available profiles: Adrian & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 fdNEIMqQ; C:\ProgramData\otYUcrPH\fdNEIMqQ.exe [2733552 2015-02-15] (Rational Thought Solutions)
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
Task: {95B5993B-6401-4D91-985A-ED5D912FD952} - System32\Tasks\Binkiland lodi => Wscript.exe "C:\ProgramData\{C6F22E31-9670-FFB7-27F6-8F35F7745CBB}\1.9.1.1\fiber.js" "433a2f50726f6772616d446174612f7b43364632324533312d393637302d464642372d323746362d3846333546373734354342427d2f312e392e312e312f6c6f64692e646c6c" "687474703a2f2f73616f2e62696e6b702e636f6d2f" "--IsErIk"
Task: {9E1FD56F-1110-4A5E-A63C-0C55910D27FD} - System32\Tasks\UKNC => C:\Users\Adrian\AppData\Roaming\UKNC.exe [2015-02-15] (HQ CinemaV15.02) <==== ATTENTION
Task: {F2912BD5-71BC-4C91-8FE7-0558A0104A46} - System32\Tasks\{E56E06C7-4926-4545-8719-D0830C9D4D4D} => pcalua.exe -a C:\Users\Adrian\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=obw
Task: C:\Windows\Tasks\Binkiland lodi.job => C:\Windows\system32\wscript.exe
Task: C:\Windows\Tasks\UKNC.job => C:\Users\Adrian\AppData\Roaming\UKNC.exe <==== ATTENTION
Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1AB14RN51.lnk
HKLM-x32\...\Run: [gmsd_gb_141] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3032066820-4217908898-2940429015-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3032066820-4217908898-2940429015-1002\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs-x32: c:/progra~3/{c6f22~1/191~1.1/lodi.dll => c:/progra~3/{c6f22~1/191~1.1/lodi.dll [964608 2015-02-06] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55570;https=127.0.0.1:55570
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424024485&from=squadm&uid=ST1500LM006XHN-M151RAD_S35UJ9AFB08930"
C:\*.tmp
C:\811675a7-6b00-4d66-89e4-2c63231d3d77
C:\Program Files (x86)\CloudScout Parental Control
C:\Program Files (x86)\YouTube-Downloader
C:\ProgramData\{C6F22E31-9670-FFB7-27F6-8F35F7745CBB}
C:\ProgramData\{ebe603e3-29b5-181e-ebe6-603e329b0f8c}
C:\ProgramData\{f6627632-43e3-1824-f662-2763243ed8c9}
C:\ProgramData\otYUcrPH
C:\rei
C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Adrian\AppData\Local\HealthAlert
C:\Users\Adrian\AppData\Roaming\UKNC
C:\Users\Adrian\AppData\Roaming\UKNC.exe
C:\Users\Adrian\AppData\Roaming\34444335-1424112260-3738-3844-3863BB9D9E86
C:\Users\Adrian\AppData\Roaming\omniboxes
C:\Users\Adrian\Downloads\*crack*.exe
C:\Users\Adrian\Downloads\*Keygen*.exe
C:\Users\Adrian\Downloads\PremierDownloadManagerWrapper.ch.PremierDownloadManager_ag.oaofmoegfbfnnfaeembaimddemfjbefc.ch.exe
C:\Users\Adrian\Downloads\ReimageRepair*.exe
C:\Users\Adrian\Downloads\Setup*.exe
C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
CMD: ipconfig /flushdns
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
fdNEIMqQ => Service deleted successfully.
YouTubeDownload_A3 => Service deleted successfully.
SmbDrv => Service deleted successfully.
SmbDrvI => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95B5993B-6401-4D91-985A-ED5D912FD952}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B5993B-6401-4D91-985A-ED5D912FD952}" => Key deleted successfully.
C:\Windows\System32\Tasks\Binkiland lodi => Moved successfully.