Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 01 Ran by Justyna at 2014-01-27 21:03:29 Run:1 Running from E:\instalki\oczyszczanie systemu Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {07ED72AE-C928-4AA1-BA6F-68E32539FCCF} - System32\Tasks\DSite => C:\Users\Justyna\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {2921A797-7BBC-42A0-986E-F3C01BCD2DFC} - System32\Tasks\Dealply => C:\Users\Justyna\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: C:\Windows\Tasks\Dealply.job => C:\Users\Justyna\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION S2 Windows Internet Name Service; C:\Windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [x] S1 fmtkljjw; \??\C:\Windows\system32\drivers\fmtkljjw.sys [x] S2 Kmm4xNT; C:\Windows\SysWow64\Drivers\Kmm4xNT.sys [95484 2002-04-26] (DATOM Dariusz Cielebąk) HKCU\...\Run: [ChicaPasswordManager] - "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned HKCU\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => File Not Found HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?babsrc=HP_ss&mntrId=AA98446D57D1C801&affID=121962&tsp=4967 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.holasearch.com/?babsrc=HP_ss&mntrId=AA98446D57D1C801&affID=121962&tsp=4967 SearchScopes: HKCU - DefaultScope {5164D9F7-B778-4BAD-97BB-1FC819FAD20D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=15B6B740-FADB-4ACF-B2E3-D7E15863BCCC&apn_sauid=226965B7-4E73-4EA2-A671-E67DB37AC383 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=121240&tt=gc_&babsrc=SP_ss_bad2g&mntrId=AA98446D57D1C801 SearchScopes: HKCU - {45056585-15B0-41D5-9F99-D80DCA179CF4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN37780094132781309&UM=1 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {5164D9F7-B778-4BAD-97BB-1FC819FAD20D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=15B6B740-FADB-4ACF-B2E3-D7E15863BCCC&apn_sauid=226965B7-4E73-4EA2-A671-E67DB37AC383 Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM-x32\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com FF HKCU\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Justyna\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com FF Extension: SeeSimilar - C:\Users\Justyna\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com [2013-08-07] CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Justyna\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26] CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2013-03-26] CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Justyna\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26] C:\AsusVibeData C:\Program Files (x86)\DealPly C:\Program Files (x86)\DealPlyLive C:\Program Files (x86)\Windows Live C:\ProgramData\Berowsye2soavve C:\Users\Justyna\AppData\Local\CRE C:\Users\Justyna\AppData\Local\Conduit C:\Users\Justyna\AppData\Local\Temp*.html C:\Users\Justyna\AppData\Local\uninst.tmp C:\Users\Justyna\AppData\Roaming\ASUS WebStorage C:\Users\Justyna\AppData\Roaming\Babylon C:\Users\Justyna\AppData\Roaming\Dealply C:\Users\Justyna\AppData\Roaming\DSite C:\Users\Justyna\AppData\Roaming\File Scout C:\Users\Justyna\AppData\Roaming\NCdownloader C:\Users\Justyna\AppData\Roaming\OpenCandy C:\Users\Justyna\AppData\Roaming\PerformerSoft C:\Users\Justyna\AppData\Roaming\SeeSimilar C:\Windows\ĽůČ C:\Windows\SysWOW64\KMM4XNTD.DLL C:\Windows\SysWow64\Drivers\Kmm4xNT.sys ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07ED72AE-C928-4AA1-BA6F-68E32539FCCF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07ED72AE-C928-4AA1-BA6F-68E32539FCCF} => Key deleted successfully. C:\Windows\System32\Tasks\DSite => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2921A797-7BBC-42A0-986E-F3C01BCD2DFC} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2921A797-7BBC-42A0-986E-F3C01BCD2DFC} => Key deleted successfully. C:\Windows\System32\Tasks\Dealply => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully. C:\Windows\Tasks\Dealply.job => Moved successfully. Windows Internet Name Service => Service deleted successfully. fmtkljjw => Service deleted successfully. Kmm4xNT => Service deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ChicaPasswordManager => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => Value deleted successfully. "c:\\progra~3\\bitguard\\271769~1.27\\{c16c1~1\\loader.dll" => Value Data removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45056585-15B0-41D5-9F99-D80DCA179CF4} => Key deleted successfully. HKCR\CLSID\{45056585-15B0-41D5-9F99-D80DCA179CF4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully. HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5164D9F7-B778-4BAD-97BB-1FC819FAD20D} => Key deleted successfully. HKCR\CLSID\{5164D9F7-B778-4BAD-97BB-1FC819FAD20D} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => Key deleted successfully. C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found. HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc => Key deleted successfully. C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\SeeSimilar@SeeSimilar.com => Value deleted successfully. HKCU\Software\Mozilla\Firefox\Extensions\\SeeSimilar@SeeSimilar.com => Value deleted successfully. C:\Users\Justyna\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com => Moved successfully. HKCU\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully. C:\Users\Justyna\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn => Key deleted successfully. "C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully. "C:\Users\Justyna\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found. C:\AsusVibeData => Moved successfully. "C:\Program Files (x86)\DealPly" directory move: C:\Program Files (x86)\DealPly\uninst.exe => Moved successfully. Could not move "C:\Program Files (x86)\DealPly" directory. => Scheduled to move on reboot. C:\Program Files (x86)\DealPlyLive => Moved successfully. C:\Program Files (x86)\Windows Live => Moved successfully. C:\ProgramData\Berowsye2soavve => Moved successfully. C:\Users\Justyna\AppData\Local\CRE => Moved successfully. C:\Users\Justyna\AppData\Local\Conduit => Moved successfully. Could not move "C:\Users\Justyna\AppData\Local\Temp*.html" => Scheduled to move on reboot. C:\Users\Justyna\AppData\Local\uninst.tmp => Moved successfully. C:\Users\Justyna\AppData\Roaming\ASUS WebStorage => Moved successfully. C:\Users\Justyna\AppData\Roaming\Babylon => Moved successfully. "C:\Users\Justyna\AppData\Roaming\Dealply" directory move: C:\Users\Justyna\AppData\Roaming\Dealply\UpdateProc\config.dat => Moved successfully. C:\Users\Justyna\AppData\Roaming\Dealply\UpdateProc\STTL.DAT => Moved successfully. C:\Users\Justyna\AppData\Roaming\Dealply\UpdateProc\TTL.DAT => Moved successfully. C:\Users\Justyna\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe => Moved successfully. Could not move "C:\Users\Justyna\AppData\Roaming\Dealply" directory. => Scheduled to move on reboot. "C:\Users\Justyna\AppData\Roaming\DSite" directory move: C:\Users\Justyna\AppData\Roaming\DSite\UpdateProc\prod.dat => Moved successfully. Could not move "C:\Users\Justyna\AppData\Roaming\DSite" directory. => Scheduled to move on reboot. C:\Users\Justyna\AppData\Roaming\File Scout => Moved successfully. C:\Users\Justyna\AppData\Roaming\NCdownloader => Moved successfully. C:\Users\Justyna\AppData\Roaming\OpenCandy => Moved successfully. C:\Users\Justyna\AppData\Roaming\PerformerSoft => Moved successfully. C:\Users\Justyna\AppData\Roaming\SeeSimilar => Moved successfully. C:\Windows\ĽůČ => Moved successfully. C:\Windows\SysWOW64\KMM4XNTD.DLL => Moved successfully. C:\Windows\SysWow64\Drivers\Kmm4xNT.sys => Moved successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-27 21:06:30)<= "C:\Program Files (x86)\DealPly" => Directory could not move. C:\Users\Justyna\AppData\Local\Temp*.html => Moved successfully. "C:\Users\Justyna\AppData\Roaming\Dealply" => Directory could not move. "C:\Users\Justyna\AppData\Roaming\DSite" => Directory could not move. ==== End of Fixlog ====