Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Iwona at 2015-01-07 22:06:39 Run:1
Running from C:\Users\Iwona\Downloads
Loaded Profile: Iwona (Available profiles: Iwona)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [Not Found]
Task: {5AA88332-FE37-44D8-BB60-23A4ACE3AC7E} - System32\Tasks\{7474CC67-77BE-435B-BEB7-0DD74B92228A} => pcalua.exe -a C:\Users\Iwona\Downloads\HexagemV120.exe -d C:\Users\Iwona\Downloads
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
CMD: for /d %f in (C:\Users\Iwona\AppData\Local\{*}) do rd /s /q "%f"
C:\ProgramData\K01Rffky.dat
C:\ProgramData\TEMP
C:\Users\Iwona\AppData\Local\{*}
C:\Users\Iwona\AppData\Local\BIT4394.tmp
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
cleanhlp => Service deleted successfully.
sptd => Service deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Key not found.
"HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AA88332-FE37-44D8-BB60-23A4ACE3AC7E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AA88332-FE37-44D8-BB60-23A4ACE3AC7E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7474CC67-77BE-435B-BEB7-0DD74B92228A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7474CC67-77BE-435B-BEB7-0DD74B92228A}" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => Key deleted successfully.

========= for /d %f in (C:\Users\Iwona\AppData\Local\{*}) do rd /s /q "%f" =========

========= End of CMD: =========

C:\ProgramData\K01Rffky.dat => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Iwona\AppData\Local\{*} => Moved successfully.
C:\Users\Iwona\AppData\Local\BIT4394.tmp => Moved successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 129.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 22:06:52 ====