Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Ania at 2014-03-11 18:20:09 Run:1
Running from C:\VIR
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3331423257-2520070200-3785123888-1000\...\CurrentVersion\Windows: [Load] C:\Users\Ania\LOCALS~1\Temp\ccanvuef.scr <===== ATTENTION
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [NPSStartup] - [X]
Task: {134E21AB-9468-49B8-9542-EEA86A55F4B8} - \DealPly No Task File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2D2A6FBC-210C-4982-836C-2813490DB157} URL = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
SearchScopes: HKCU - {2D2A6FBC-210C-4982-836C-2813490DB157} URL = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
Toolbar: HKLM-x32 - No Name - {E85E1320-D9EE-403B-969F-4A021940F5D8} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {E85E1320-D9EE-403B-969F-4A021940F5D8} - No File
R3 ALSysIO; \??\C:\Users\Ania\AppData\Local\Temp\ALSysIO64.sys [X]
S1 bndcawmt; \??\C:\Windows\system32\drivers\bndcawmt.sys [X]
S1 hiuupysm; \??\C:\Windows\system32\drivers\hiuupysm.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S1 zptfncra; \??\C:\Windows\system32\drivers\zptfncra.sys [X]
C:\Users\Ania\AppData\Local\Temp*.html
C:\Users\Ania\AppData\Local\tmp*.*
C:\Users\Ania\AppData\Roaming\_MDLogs
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\ezSharedSvc /s
*****************

HKU\S-1-5-21-3331423257-2520070200-3785123888-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{134E21AB-9468-49B8-9542-EEA86A55F4B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{134E21AB-9468-49B8-9542-EEA86A55F4B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2D2A6FBC-210C-4982-836C-2813490DB157} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2D2A6FBC-210C-4982-836C-2813490DB157} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D2A6FBC-210C-4982-836C-2813490DB157} => Key deleted successfully.
HKCR\CLSID\{2D2A6FBC-210C-4982-836C-2813490DB157} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{E85E1320-D9EE-403B-969F-4A021940F5D8} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{E85E1320-D9EE-403B-969F-4A021940F5D8} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E85E1320-D9EE-403B-969F-4A021940F5D8} => Value deleted successfully.
HKCR\CLSID\{E85E1320-D9EE-403B-969F-4A021940F5D8} => Key not found.
ALSysIO => Unable to stop service
ALSysIO => Service deleted successfully.
bndcawmt => Service deleted successfully.
hiuupysm => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
zptfncra => Service deleted successfully.
C:\Users\Ania\AppData\Local\Temp*.html => Moved successfully.
C:\Users\Ania\AppData\Local\tmp*.* => Moved successfully.
C:\Users\Ania\AppData\Roaming\_MDLogs => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\ezSharedSvc /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ezSharedSvc
    Start    REG_DWORD    0x2
    Description    REG_SZ    Provides various services to Magic Desktop and other Easybits applications.
    Type    REG_DWORD    0x20
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
    DisplayName    REG_SZ    Easybits Shared Services for Windows
    WOW64    REG_DWORD    0x1
    ObjectName    REG_SZ    LocalSystem
    InstalledClients    REG_SZ    md;

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ezSharedSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Windows\System32\ezsvc7.dll

========= End of Reg: =========

==== End of Fixlog ====