Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 03 Ran by laptop at 2013-09-18 18:31:51 Run:1 Running from C:\ Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [şgčŮwšĄ’çÂ)FxôěâÂWPN©Ź_ě5îE…4gG+ĂďťLĐTš B)…"«°˘Ä0Č˝P⍰6Çţď~%ŮÖqźÂ`,=bń±L«şŇÄş±đŤíŃYLŹş®küa†—ăŃKÍyjoľe†c_YCčz˛Ą—R‡žm¶+«p<ŕc“x] - [x] HKCU\...\Run: [Lwzazl] - C:\Users\laptop\AppData\Roaming\Lwzazl.exe [170806 2013-03-26] (Microsoft Corporation) HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=68B5002556EE1FC5 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=68B5002556EE1FC5 SearchScopes: HKCU - {902619DE-4304-4EDA-80C8-0DC17655D327} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\laptop\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\laptop\AppData\Roaming\BabSolution\CR\hola.crx Task: {A58CB99F-8B04-47F5-9FA2-A2362FBDAE0F} - System32\Tasks\DealPly => C:\Users\laptop\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-02-27] () D:\Photoscape(12505).exe C:\Users\laptop\AppData\Roaming\*.exe C:\Users\laptop\AppData\Roaming\DealPly C:\Users\laptop\AppData\Roaming\mozilla C:\Program Files (x86)\mozilla firefox C:\eula.*.txt C:\install.* E:\*.lnk F:\*.lnk G:\*.lnk CMD: rd /s /q C:\$Recycle.Bin CMD: rd /s /q D:\$RECYCLE.BIN CMD: rd /s /q E:\RECYCLER CMD: rd /s /q F:\RECYCLER CMD: rd /s /q F:\$RECYCLE.BIN CMD: rd /s /q G:\RECYCLER CMD: attrib /d /s -s -h F:\* CMD: attrib /d /s -s -h G:\* ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\şgčŮwšĄ’çÂ)FxôěâÂWPN©Ź_ě5îE…4gG+ĂďťLĐTš B)…"«°˘Ä0Č˝P⍰6Çţď~%ŮÖqźÂ`,=bń±L«şŇÄş±đŤíŃYLŹş®küa†—ăŃKÍyjoľe†c_YCčz˛Ą—R‡žm¶+«p<ŕc“x => Value not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Lwzazl => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{902619DE-4304-4EDA-80C8-0DC17655D327} => Key deleted successfully. HKCR\CLSID\{902619DE-4304-4EDA-80C8-0DC17655D327} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A58CB99F-8B04-47F5-9FA2-A2362FBDAE0F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A58CB99F-8B04-47F5-9FA2-A2362FBDAE0F} => Key deleted successfully. C:\Windows\System32\Tasks\DealPly => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully. D:\Photoscape(12505).exe => Moved successfully. C:\Users\laptop\AppData\Roaming\*.exe => Moved successfully. "C:\Users\laptop\AppData\Roaming\DealPly" directory move: C:\Users\laptop\AppData\Roaming\DealPly\UpdateProc\config.dat => Moved successfully. C:\Users\laptop\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe => Moved successfully. Could not move "C:\Users\laptop\AppData\Roaming\DealPly" directory. => Scheduled to move on reboot. C:\Users\laptop\AppData\Roaming\mozilla => Moved successfully. C:\Program Files (x86)\mozilla firefox => Moved successfully. C:\eula.*.txt => Moved successfully. C:\install.* => Moved successfully. E:\*.lnk => Moved successfully. F:\*.lnk => Moved successfully. G:\*.lnk => Moved successfully. ========= rd /s /q C:\$Recycle.Bin ========= ========= End of CMD: ========= ========= rd /s /q D:\$RECYCLE.BIN ========= ========= End of CMD: ========= ========= rd /s /q E:\RECYCLER ========= ========= End of CMD: ========= ========= rd /s /q F:\RECYCLER ========= ========= End of CMD: ========= ========= rd /s /q F:\$RECYCLE.BIN ========= ========= End of CMD: ========= ========= rd /s /q G:\RECYCLER ========= ========= End of CMD: ========= ========= attrib /d /s -s -h F:\* ========= ========= End of CMD: ========= ========= attrib /d /s -s -h G:\* ========= ========= End of CMD: ========= =========== Result of Scheduled Files to move =========== "C:\Users\laptop\AppData\Roaming\DealPly" => Directory could not move. ==== End of Fixlog ====