Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by JoannaM at 2014-02-21 11:26:30 Run:1
Running from D:\hmm
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Users\JoannaM\AppData\Roaming\pwo6\svchost.exe
() C:\Users\JoannaM\AppData\Local\Temp\_MEI46362\bin\winlogon.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1735395495-2726210869-181527219-1002\...\Run: [pwo6] - C:\Users\JoannaM\AppData\Roaming\pwo6\svchost.exe [7321472 2014-02-05] ()
C:\Users\JoannaM\AppData\Local\Temp\_MEI46362
C:\Users\JoannaM\AppData\Roaming\pwo6
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Task: {2EBC73EA-5724-42A3-ABB7-014FB1F85A85} - \Dealply No Task File
Task: {8102602A-5DE4-41A9-B170-274784BDCFF4} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File
Task: {AD491EB2-1BBB-431A-A5C0-CB4765D776F4} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File
Task: {C89C9524-B51C-4587-B240-38B5E88BC2E9} - System32\Tasks\{CA299302-808D-4C7A-A74D-9789DEED446D} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows"
Reg: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d C:\Windows\system32\nvinitx.dll /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d C:\Windows\SysWOW64\nvinit.dll /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {779A2E64-4866-4DC0-893A-609F3F79FCD6} /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {779A2E64-4866-4DC0-893A-609F3F79FCD6} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

[3956] C:\Users\JoannaM\AppData\Roaming\pwo6\svchost.exe => Process closed successfully.
C:\Users\JoannaM\AppData\Local\Temp\_MEI46362\bin\winlogon.exe => No running process found
[3316] C:\windows\SysWOW64\cmd.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-21-1735395495-2726210869-181527219-1002\Software\Microsoft\Windows\CurrentVersion\Run\\pwo6 => Value deleted successfully.
"C:\Users\JoannaM\AppData\Local\Temp\_MEI46362" => File/Directory not found.

"C:\Users\JoannaM\AppData\Roaming\pwo6" directory move:

C:\Users\JoannaM\AppData\Roaming\pwo6\cached-certs => Moved successfully.
C:\Users\JoannaM\AppData\Roaming\pwo6\cached-microdesc-consensus => Moved successfully.
C:\Users\JoannaM\AppData\Roaming\pwo6\cached-microdescs => Moved successfully.
C:\Users\JoannaM\AppData\Roaming\pwo6\cached-microdescs.new => Moved successfully.
Could not move "C:\Users\JoannaM\AppData\Roaming\pwo6\lock" => Scheduled to move on reboot.
C:\Users\JoannaM\AppData\Roaming\pwo6\state => Moved successfully.
Could not move "C:\Users\JoannaM\AppData\Roaming\pwo6\svchost.exe" => Scheduled to move on reboot.
Could not move "C:\Users\JoannaM\AppData\Roaming\pwo6" directory. => Scheduled to move on reboot.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EBC73EA-5724-42A3-ABB7-014FB1F85A85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EBC73EA-5724-42A3-ABB7-014FB1F85A85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8102602A-5DE4-41A9-B170-274784BDCFF4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8102602A-5DE4-41A9-B170-274784BDCFF4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD491EB2-1BBB-431A-A5C0-CB4765D776F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD491EB2-1BBB-431A-A5C0-CB4765D776F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C89C9524-B51C-4587-B240-38B5E88BC2E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C89C9524-B51C-4587-B240-38B5E88BC2E9} => Key deleted successfully.
C:\Windows\System32\Tasks\{CA299302-808D-4C7A-A74D-9789DEED446D} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA299302-808D-4C7A-A74D-9789DEED446D} => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.

========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    (Default)    REG_SZ    mnmsrvc
    Spooler    REG_SZ    yes
    DeviceNotSelectedTimeout    REG_SZ    15
    TransmissionRetryTimeout    REG_SZ    90
    ShutdownWarningDialogTimeout    REG_DWORD    0xffffffff
    USERProcessHandleQuota    REG_DWORD    0x2710
    LoadAppInit_DLLs    REG_DWORD    0x1
    IconServiceLib    REG_SZ    IconCodecService.dll
    DesktopHeapLogging    REG_DWORD    0x1
    DdeSendTimeout    REG_DWORD    0x0
    USERPostMessageLimit    REG_DWORD    0x2710
    USERNestedWindowLimit    REG_DWORD    0x32
    AppInit_DLLs    REG_SZ    C:\windows\SysWOW64\nvinit.dll C:\windows\SysWOW64\nvinit.dll,C:\windows\system32\nvinitx.dll C:\Program Files (x86)\Optimizer
    NaturalInputHandler    REG_SZ    Ninput.dll
    ThreadUnresponsiveLogTimeout    REG_DWORD    0x1f4
    GDIProcessHandleQuota    REG_DWORD    0x2710

========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
    (Default)    REG_SZ    mnmsrvc
    Spooler    REG_SZ    yes
    DeviceNotSelectedTimeout    REG_SZ    15
    TransmissionRetryTimeout    REG_SZ    90
    ShutdownWarningDialogTimeout    REG_DWORD    0xffffffff
    USERProcessHandleQuota    REG_DWORD    0x2710
    LoadAppInit_DLLs    REG_DWORD    0x1
    IconServiceLib    REG_SZ    IconCodecService.dll
    DesktopHeapLogging    REG_DWORD    0x1
    DdeSendTimeout    REG_DWORD    0x0
    USERPostMessageLimit    REG_DWORD    0x2710
    USERNestedWindowLimit    REG_DWORD    0x32
    AppInit_DLLs    REG_SZ    c:\windows\syswow64\nvinit.dll c:\program files (x86)\optimizer
    NaturalInputHandler    REG_SZ    Ninput.dll
    ThreadUnresponsiveLogTimeout    REG_DWORD    0x1f4
    GDIProcessHandleQuota    REG_DWORD    0x2710

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d C:\Windows\system32\nvinitx.dll /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d C:\Windows\SysWOW64\nvinit.dll /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {779A2E64-4866-4DC0-893A-609F3F79FCD6} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {779A2E64-4866-4DC0-893A-609F3F79FCD6} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-21 11:28:53)<=

C:\Users\JoannaM\AppData\Roaming\pwo6\lock => Is moved successfully.
C:\Users\JoannaM\AppData\Roaming\pwo6\svchost.exe => Is moved successfully.
C:\Users\JoannaM\AppData\Roaming\pwo6 => Is moved successfully.

==== End of Fixlog ====