Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Ewa at 2015-01-06 14:53:36 Run:1
Running from C:\Users\Ewa\Downloads
Loaded Profile: Ewa (Available profiles: Ewa)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 {97c4cab6-61b3-4540-9274-f278ba746bf7}w64; C:\Windows\System32\drivers\{97c4cab6-61b3-4540-9274-f278ba746bf7}w64.sys [48776 2014-11-26] (StdLib)
R1 {a459d632-5225-4bb9-9a0b-002544d16f6e}w64; C:\Windows\System32\drivers\{a459d632-5225-4bb9-9a0b-002544d16f6e}w64.sys [61112 2014-04-24] (StdLib)
R1 {c97511ae-4154-409f-acea-ebd22476ac29}w64; C:\Windows\System32\drivers\{c97511ae-4154-409f-acea-ebd22476ac29}w64.sys [48776 2014-12-02] (StdLib)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-10] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-10] (BonanzaDeals)
R2 MaintainerSvc7.81.724469; C:\ProgramData\fc69a316-ef1a-4795-843b-0146c382b2b0\maintainer.exe [123632 2015-01-05] ()
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 Update BatBrowse; C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe [524528 2015-01-05] ()
R2 Util BatBrowse; C:\Program Files (x86)\BatBrowse\bin\utilBatBrowse.exe [524528 2015-01-05] ()
Task: {001A82CD-92CA-4DE7-B420-49DB52DE494D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {0D1BAB00-C1BE-498A-BEEE-6D09F9FCBA28} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-10] (BonanzaDeals) <==== ATTENTION
Task: {1F0D4589-B017-4D34-83CA-115650EB4085} - System32\Tasks\Yahoo! Search => C:\Users\Ewa\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
Task: {3123A6DA-D45D-48BA-972B-EF3AA3A83B6F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {471189BA-45F2-41C6-9263-E5B42B55827E} - System32\Tasks\Yahoo! Search Updater => C:\Users\Ewa\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrsetup.exe [2014-12-21] (Pay By Ads LTD) <==== ATTENTION
Task: {472300DD-C000-4D98-9FE9-5987F4BA7E36} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {8A098222-B835-4374-B14E-1822BE5AB3C0} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-10] (BonanzaDeals) <==== ATTENTION
Task: {CF8DDB0E-0EAA-4C31-A6FC-C593A4E5F3CD} - System32\Tasks\FoxTab => C:\Users\Ewa\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\Ewa\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2354558839-626714277-1970587182-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKU\S-1-5-21-2354558839-626714277-1970587182-1001 -> DefaultScope {6110B161-C8E5-4FD1-B03A-C09262A969F5} URL =
SearchScopes: HKU\S-1-5-21-2354558839-626714277-1970587182-1001 -> {6110B161-C8E5-4FD1-B03A-C09262A969F5} URL =
SearchScopes: HKU\S-1-5-21-2354558839-626714277-1970587182-1001 -> {D1952EC9-E7DE-4DA2-A110-BC7E668BA17B} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=793
BHO-x32: BatBrowse 1.0.0.6 -> {a7262c86-7809-4d76-a726-5a379f1a3158} -> C:\Program Files (x86)\BatBrowse\BatBrowseBHO.dll (BatBrowse)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
C:\ProgramData\fc69a316-ef1a-4795-843b-0146c382b2b0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
C:\Users\Ewa\AppData\Local\Google
C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
C:\Users\Ewa\AppData\Roaming\newnext.me
C:\Windows\System32\drivers\{97c4cab6-61b3-4540-9274-f278ba746bf7}w64.sys
C:\Windows\System32\drivers\{a459d632-5225-4bb9-9a0b-002544d16f6e}w64.sys
C:\Windows\System32\drivers\{c97511ae-4154-409f-acea-ebd22476ac29}w64.sys
C:\Windows\System32\Tasks\Norton Anti-Theft
*****************

Processes closed successfully.
Restore point was successfully created.
{97c4cab6-61b3-4540-9274-f278ba746bf7}w64 => Unable to stop service
{97c4cab6-61b3-4540-9274-f278ba746bf7}w64 => Service deleted successfully.
{a459d632-5225-4bb9-9a0b-002544d16f6e}w64 => Unable to stop service
{a459d632-5225-4bb9-9a0b-002544d16f6e}w64 => Service deleted successfully.
{c97511ae-4154-409f-acea-ebd22476ac29}w64 => Unable to stop service
{c97511ae-4154-409f-acea-ebd22476ac29}w64 => Service deleted successfully.
bonanzadealslive => Service deleted successfully.
bonanzadealslivem => Service deleted successfully.
MaintainerSvc7.81.724469 => Service deleted successfully.
PanService => Service deleted successfully.
Update BatBrowse => Unable to stop service
Update BatBrowse => Service deleted successfully.
Util BatBrowse => Unable to stop service
Util BatBrowse => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{001A82CD-92CA-4DE7-B420-49DB52DE494D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{001A82CD-92CA-4DE7-B420-49DB52DE494D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Anti-Theft\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D1BAB00-C1BE-498A-BEEE-6D09F9FCBA28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D1BAB00-C1BE-498A-BEEE-6D09F9FCBA28}" => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F0D4589-B017-4D34-83CA-115650EB4085} => Key not found.
C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3123A6DA-D45D-48BA-972B-EF3AA3A83B6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3123A6DA-D45D-48BA-972B-EF3AA3A83B6F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{471189BA-45F2-41C6-9263-E5B42B55827E} => Key not found.
C:\Windows\System32\Tasks\Yahoo! Search Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{472300DD-C000-4D98-9FE9-5987F4BA7E36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472300DD-C000-4D98-9FE9-5987F4BA7E36}" => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A098222-B835-4374-B14E-1822BE5AB3C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A098222-B835-4374-B14E-1822BE5AB3C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF8DDB0E-0EAA-4C31-A6FC-C593A4E5F3CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF8DDB0E-0EAA-4C31-A6FC-C593A4E5F3CD}" => Key deleted successfully.
C:\Windows\System32\Tasks\FoxTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => Key deleted successfully.
C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\FoxTab.job => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2354558839-626714277-1970587182-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2354558839-626714277-1970587182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2354558839-626714277-1970587182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6110B161-C8E5-4FD1-B03A-C09262A969F5}" => Key deleted successfully.
HKCR\CLSID\{6110B161-C8E5-4FD1-B03A-C09262A969F5} => Key not found.
"HKU\S-1-5-21-2354558839-626714277-1970587182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1952EC9-E7DE-4DA2-A110-BC7E668BA17B}" => Key deleted successfully.
HKCR\CLSID\{D1952EC9-E7DE-4DA2-A110-BC7E668BA17B} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7262c86-7809-4d76-a726-5a379f1a3158}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{a7262c86-7809-4d76-a726-5a379f1a3158}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll not found.
C:\ProgramData\fc69a316-ef1a-4795-843b-0146c382b2b0 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV => Moved successfully.
C:\Users\Ewa\AppData\Local\Google => Moved successfully.
C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie => Moved successfully.
C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals => Moved successfully.
C:\Users\Ewa\AppData\Roaming\newnext.me => Moved successfully.
C:\Windows\System32\drivers\{97c4cab6-61b3-4540-9274-f278ba746bf7}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{a459d632-5225-4bb9-9a0b-002544d16f6e}w64.sys => Moved successfully.
C:\Windows\System32\drivers\{c97511ae-4154-409f-acea-ebd22476ac29}w64.sys => Moved successfully.
C:\Windows\System32\Tasks\Norton Anti-Theft => Moved successfully.

The system needed a reboot.

==== End of Fixlog 14:54:36 ====