Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Yogi at 2014-03-15 14:11:45 Run:1
Running from C:\Users\Yogi\Desktop\Nowy folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
HKLM\...\Policies\Explorer\Run: [16398] - C:\ProgramData\Local Settings\Temp\msqcbduw.com [77112 2009-07-14] ( (Microsoft Corporation))
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Run: [Microsoft™ Update Software] - C:\Users\Yogi\AppData\Local\Temp\dll32.exe <===== ATTENTION
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Policies\Explorer\Run: [FLT] - C:\Users\Yogi\AppData\Roaming\236420.exe [1169224 2013-08-29] (Microsoft Corporation)
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\SysWOW64\Application Services\appsvc.exe" [2497024 2014-03-12] (e8nHYo9lNH) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Task: {5D592AB2-BFAF-4FFC-AD8A-BD2887A7E5DE} - \Scheduled Update for Ask Toolbar No Task File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
BHO-x32: YouTube To ALLPlayer - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~2\ALLPLA~1\YOUTUB~1.DLL No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaoggiphohkihibdkcnhnokmkfmhnj] - C:\Users\Yogi\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.2.0.crx [2013-06-24]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgloga; system32\DRIVERS\avgloga.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
C:\Program Files (x86)\ESET
C:\ProgramData\AVAST Software
C:\ProgramData\AVG2014
C:\ProgramData\Kaspersky Lab Setup Files
C:\ProgramData\Local Settings
C:\ProgramData\MFAData
C:\Users\Yogi\AppData\Local\APN
C:\Users\Yogi\AppData\Local\Avg2014
C:\Users\Yogi\AppData\Local\MFAData
C:\Users\Yogi\AppData\Roaming\*.exe
C:\Users\Yogi\AppData\Roaming\msconfig.ini
C:\Users\Yogi\AppData\Roaming\2088719030
C:\Users\Yogi\AppData\Roaming\8C50400E
C:\Users\Yogi\AppData\Roaming\AVG
C:\Users\Yogi\AppData\Roaming\dsafdasfwfwea
C:\Users\Yogi\AppData\Roaming\ESET
C:\Users\Yogi\AppData\Roaming\gwregsrffewgttzfdxadhds
C:\Users\Yogi\AppData\Roaming\MKKE
C:\Users\Yogi\AppData\Roaming\TuneUp Software
C:\Windows\SysWOW64\Application Services
Reg: reg delete "HKCU\Software\Microsoft\Windows Script" /f
Reg: reg delete "HKCU\Software\Microsoft\Windows Script Host" /f
Reg: reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v Start /t REG_DWORD /d 0x2 /f
Reboot:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\16398 => Value deleted successfully.
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => Value not found.
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft™ Update Software => Value not found.
HKU\HKU\S-1-5-21-3420556559-1411029670-803472814-1000\...\Policies\Explorer\Run: [FLT] - C:\Users\Yogi\AppData\Roaming\236420.exe [1169224 2013-08-29] (Microsoft Corporation)\Software\Microsoft\Windows\CurrentVersion\Run\\FLT => Value not found.
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-21-3420556559-1411029670-803472814-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D592AB2-BFAF-4FFC-AD8A-BD2887A7E5DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D592AB2-BFAF-4FFC-AD8A-BD2887A7E5DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61DB16C5-B733-43F4-872E-B20DC9E72740} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{61DB16C5-B733-43F4-872E-B20DC9E72740} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj => Key deleted successfully.
"C:\Users\Yogi\AppData\Local\APN\GoogleCRXs\aaaaoggiphohkihibdkcnhnokmkfmhnj_7.15.2.0.crx" => File/Directory not found.
AVGIDSDriver => Service not found.
AVGIDSHA => Service not found.
Avgloga => Service not found.
Avgrkx64 => Service not found.
Avgtdia => Service not found.
C:\Program Files (x86)\ESET => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
"C:\ProgramData\AVG2014" => File/Directory not found.
C:\ProgramData\Kaspersky Lab Setup Files => Moved successfully.
C:\ProgramData\Local Settings => Moved successfully.
C:\ProgramData\MFAData => Moved successfully.
"C:\Users\Yogi\AppData\Local\APN" => File/Directory not found.
"C:\Users\Yogi\AppData\Local\Avg2014" => File/Directory not found.
C:\Users\Yogi\AppData\Local\MFAData => Moved successfully.
C:\Users\Yogi\AppData\Roaming\*.exe => Moved successfully.
C:\Users\Yogi\AppData\Roaming\msconfig.ini => Moved successfully.
C:\Users\Yogi\AppData\Roaming\2088719030 => Moved successfully.
C:\Users\Yogi\AppData\Roaming\8C50400E => Moved successfully.
C:\Users\Yogi\AppData\Roaming\AVG => Moved successfully.
C:\Users\Yogi\AppData\Roaming\dsafdasfwfwea => Moved successfully.
C:\Users\Yogi\AppData\Roaming\ESET => Moved successfully.
C:\Users\Yogi\AppData\Roaming\gwregsrffewgttzfdxadhds => Moved successfully.
C:\Users\Yogi\AppData\Roaming\MKKE => Moved successfully.
C:\Users\Yogi\AppData\Roaming\TuneUp Software => Moved successfully.
C:\Windows\SysWOW64\Application Services => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Windows Script" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Windows Script Host" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v Start /t REG_DWORD /d 0x2 /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====