Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by pljarda (2016-05-25 11:08:48) Run:1
Running from C:\Users\pljarda\Downloads
Loaded Profiles: pljarda (Available Profiles: plkamru & pljarda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
U2 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe [947712 2016-05-25] () [File not signed]
AppInit_DLLs: C:\ProgramData\Quotenamron\Vilait.dll => C:\ProgramData\Quotenamron\Vilait.dll [363008 2016-05-25] ()
AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Tam-Dex.dll => C:\ProgramData\Quotenamron\Tam-Dex.dll [257536 2016-05-25] ()
HKLM-x32\...\Run: [] => [X]
Task: {1DAAB754-00C8-4F91-94C4-48FCE8436D7D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {647A39F0-723A-4882-94BC-66D6DB76D689} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {7A33DF18-7BE3-4E44-A461-D2A18BC37B8E} - System32\Tasks\pljardaTreatiesButtressedV2 => Rundll32.exe MetatarsalSlows.dll,main 7 1 <==== ATTENTION)
Task: {C5C323D1-6895-4BD1-8414-1F73501E2516} - System32\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F} => C:\Users\pljarda\AppData\Roaming\{12E43~1\Updater.exe
Task: C:\Windows\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F}.job => C:\Users\pljarda\AppData\Roaming\{12E43~1\Updater.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-321930979-3402162066-1190322147-8181 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-321930979-3402162066-1190322147-8181 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
DPF: HKLM-x32 {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\Logic Handler
C:\ProgramData\Quotenamron
C:\ProgramData\Quotenamrons
C:\Users\pljarda\AppData\Local\Exact.Update.OA.exe.log
C:\Users\pljarda\AppData\Local\TreatiesButtressed
C:\Users\pljarda\AppData\Roaming\*.*
C:\Users\pljarda\AppData\Roaming\Mozilla
C:\Windows\SysWOW64\findit.xml
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
backlh => service removed successfully
Quotenamron => service removed successfully
"C:\ProgramData\Quotenamron\Vilait.dll" => Value data removed successfully.
"C:\ProgramData\Quotenamron\Tam-Dex.dll" => Value data removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DAAB754-00C8-4F91-94C4-48FCE8436D7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DAAB754-00C8-4F91-94C4-48FCE8436D7D}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{647A39F0-723A-4882-94BC-66D6DB76D689}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{647A39F0-723A-4882-94BC-66D6DB76D689}" => key removed successfully
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A33DF18-7BE3-4E44-A461-D2A18BC37B8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A33DF18-7BE3-4E44-A461-D2A18BC37B8E}" => key removed successfully
C:\Windows\System32\Tasks\pljardaTreatiesButtressedV2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pljardaTreatiesButtressedV2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5C323D1-6895-4BD1-8414-1F73501E2516}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5C323D1-6895-4BD1-8414-1F73501E2516}" => key removed successfully
C:\Windows\System32\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12E43934-F32F-21E8-D449-11CCFD7A970F}" => key removed successfully
C:\Windows\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F}.job => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-321930979-3402162066-1190322147-8181\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-321930979-3402162066-1190322147-8181\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{B94C2238-346E-4C5E-9B36-8CC627F35574}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B94C2238-346E-4C5E-9B36-8CC627F35574}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jidkebcigjgheaahopdnlfaohgnocfai" => key removed successfully
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => key not found. 
HKCU\Software\dobreprogramy => key not found. 
HKLM\SOFTWARE\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully
C:\Program Files (x86)\Mozilla Firefox => moved successfully
C:\ProgramData\Logic Handler => moved successfully
C:\ProgramData\Quotenamron => moved successfully
"C:\ProgramData\Quotenamrons" => not found.
C:\Users\pljarda\AppData\Local\Exact.Update.OA.exe.log => moved successfully
"C:\Users\pljarda\AppData\Local\TreatiesButtressed" => not found.

=========== "C:\Users\pljarda\AppData\Roaming\*.*" ==========

C:\Users\pljarda\AppData\Roaming\agent.dat => moved successfully
C:\Users\pljarda\AppData\Roaming\Cansing.exe => moved successfully
C:\Users\pljarda\AppData\Roaming\Cansing.tst => moved successfully
C:\Users\pljarda\AppData\Roaming\Config.xml => moved successfully
C:\Users\pljarda\AppData\Roaming\Geosantom.bin => moved successfully
C:\Users\pljarda\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\Users\pljarda\AppData\Roaming\Installer.dat => moved successfully
C:\Users\pljarda\AppData\Roaming\Main.dat => moved successfully
C:\Users\pljarda\AppData\Roaming\md.xml => moved successfully
C:\Users\pljarda\AppData\Roaming\noah.dat => moved successfully
C:\Users\pljarda\AppData\Roaming\uninstall_temp.ico => moved successfully

========= End -> "C:\Users\pljarda\AppData\Roaming\*.*" ========

C:\Users\pljarda\AppData\Roaming\Mozilla => moved successfully
C:\Windows\SysWOW64\findit.xml => moved successfully
EmptyTemp: => 512.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:09:18 ====