Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-08-2013 Ran by Gigi at 2013-08-26 22:38:46 Run:1 Running from C:\Users\Gigi\Desktop Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Task: {7DA1D059-A10C-4644-9558-A7BF2C4C68A4} - System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEFF SearchPlugin: C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\4nzjohcu.default\searchplugins\babylon.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xmlFF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x]S1 StarOpen; No ImagePathC:\Windows\system32\drivers\avgtpx64.sysC:\Windows\SysWOW64\searchpluginsC:\Windows\SysWOW64\ExtensionsC:\ProgramData\BrowserDefenderC:\ProgramData\eSafeC:\Users\Gigi\Documents\Optimizer ProC:\Users\Gigi\AppData\Local\DealPlyLiveC:\Users\Gigi\AppData\Local\MinibarC:\Users\Gigi\AppData\Local\LollipopC:\Users\Gigi\AppData\Local\Google\ChromeC:\Users\Gigi\AppData\Local\Avg2013C:\Users\Gigi\AppData\Local\ComodoC:\ProgramData\AVG Secure SearchC:\ProgramData\MFADataC:\Windows\DeleteOnReboot.batCMD: netsh winsock reset ***************** ========= HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Task: {7DA1D059-A10C-4644-9558-A7BF2C4C68A4} - System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEFF SearchPlugin: C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\4nzjohcu.default\searchplugins\babylon.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xmlFF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x]S1 StarOpen; No ImagePathC:\Windows\system32\drivers\avgtpx64.sysC:\Windows\SysWOW64\searchpluginsC:\Windows\SysWOW64\ExtensionsC:\ProgramData\BrowserDefenderC:\ProgramData\eSafeC:\Users\Gigi\Documents\Optimizer ProC:\Users\Gigi\AppData\Local\DealPlyLiveC:\Users\Gigi\AppData\Local\MinibarC:\Users\Gigi\AppData\Local\LollipopC:\Users\Gigi\AppData\Local\Google\ChromeC:\Users\Gigi\AppData\Local\Avg2013C:\Users\Gigi\AppData\Local\ComodoC:\ProgramData\AVG Secure SearchC:\ProgramData\MFADataC:\Windows\DeleteOnReboot.bat netsh winsock reset ========= ========= End of CMD: ========= HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995{7DA1D059-A10C-4644-9558-A7BF2C4C68A4} => Key not found. C:\Windows\HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeHKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job => Key not found. HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Task: {7DA1D059-A10C-4644-9558-A7BF2C4C68A4} - System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileC:\Windows\Tasks\Dealply.job not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Task: {7DA1D059-A10C-4644-9558-A7BF2C4C68A4} - System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\4nzjohcu.default\searchplugins\babylon.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xmlFF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies)S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x]S1 StarOpen; No ImagePathC:\Windows\system32\drivers\avgtpx64.sysC:\Windows\SysWOW64\searchpluginsC:\Windows\SysWOW64\ExtensionsC:\ProgramData\BrowserDefenderC:\ProgramData\eSafeC:\Users\Gigi\Documents\Optimizer ProC:\Users\Gigi\AppData\Local\DealPlyLiveC:\Users\Gigi\AppData\Local\MinibarC:\Users\Gigi\AppData\Local\LollipopC:\Users\Gigi\AppData\Local\Google\ChromeC:\Users\Gigi\AppData\Local\Avg2013C:\Users\Gigi\AppData\Local\ComodoC:\ProgramData\AVG Secure SearchC:\ProgramData\MFADataC:\Windows\DeleteOnReboot.batCMD: netsh winsock reset" => not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Task: {7DA1D059-A10C-4644-9558-A7BF2C4C68A4} - System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEFF SearchPlugin: C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\4nzjohcu.default\searchplugins\babylon.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xmlFF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [x]S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27 => Value not found. HKCU\...\Policies\system: [NoDispCPL] 0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Task: {7DA1D059-A10C-4644-9558-A7BF2C4C68A4} - System32\Tasks\Dealply => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No FileTask: {D0D361B4-105B-4178-BF9D-CC9C9CC8A3F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe No FileTask: {E6FA57CF-9376-49CD-8670-4EBEC753D3A5} - \Program aktualizacji online firmy Adobe. No Task FileTask: {FF3D86E1-305A-4287-89E8-FF14C572378D} - System32\Tasks\EPUpdater => C:\Users\Gigi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No FileTask: C:\Windows\Tasks\Dealply.job => C:\Users\Gigi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEFF SearchPlugin: C:\Users\Gigi\AppData\Roaming\Mozilla\Firefox\Profiles\4nzjohcu.default\searchplugins\babylon.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xmlFF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=395049983_266035_5493A1D1&ts=1377285995Hamachi2Svc => Service not found. ==== End of Fixlog ====