Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01 Ran by Mati at 2014-10-10 14:56:27 Run:1 Running from C:\Users\Mati\Desktop\Nowy folder Loaded Profile: Mati (Available profiles: Mati) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Task: {45A46785-8015-4117-A904-F462715F64C3} - System32\Tasks\Yahoo! Search Udpater => C:\Users\Mati\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe HKU\S-1-5-21-387397686-1775888049-2984414967-1000\...\Run: [Yahoo! Search] => C:\Users\Mati\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141006 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141006 S3 EverestDriver; C:\Users\Mati\AppData\Local\Temp\EverestDriver.sys [9728 2005-08-18] () [File not signed] C:\Users\Mati\AppData\Local\Pay-By-Ads C:\Users\Mati\Downloads\*(*)-dp.exe DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45A46785-8015-4117-A904-F462715F64C3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45A46785-8015-4117-A904-F462715F64C3}" => Key deleted successfully. C:\Windows\System32\Tasks\Yahoo! Search Udpater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Udpater" => Key deleted successfully. HKU\S-1-5-21-387397686-1775888049-2984414967-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. EverestDriver => Service deleted successfully. "C:\Users\Mati\AppData\Local\Pay-By-Ads" => File/Directory not found. C:\Users\Mati\Downloads\*(*)-dp.exe => Moved successfully. HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes => Key Deleted successfully. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => Key Deleted successfully. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => Key Deleted successfully. EmptyTemp: => Removed 5.2 GB temporary data. The system needed a reboot. ==== End of Fixlog ====