Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by domdz_000 at 2015-03-20 21:54:17 Run:1
Running from C:\Users\domdz_000\Desktop\wir
Loaded Profiles: domdz_000 (Available profiles: domdz_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\...\Run: [CMD] => cmd.exe /c start http://zenigameblinger.org && exit <===== ATTENTION
HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\...\MountPoints2: {c2c312a5-f6fa-11e2-be88-c4850844c5fe} - "E:\LGAutoRun.exe"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1444083916-2435873415-4136039214-1002] => proxy.sgh.waw.pl:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
SearchScopes: HKU\S-1-5-21-1444083916-2435873415-4136039214-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEBCB5416-43DC-4943-BDB1-220E1AA03E7C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1444083916-2435873415-4136039214-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319597&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEBCB5416-43DC-4943-BDB1-220E1AA03E7C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1444083916-2435873415-4136039214-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1444083916-2435873415-4136039214-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - D:\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-26]
S1 ccnfd_1_10_0_2; system32\drivers\ccnfd_1_10_0_2.sys [X]
Task: {65DFCD4D-02C1-46BF-8C6D-918CBA270139} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\ProgramData\TEMP
C:\Users\domdz_000\AppData\Roaming\*.txt
C:\Users\domdz_000\AppData\Roaming\appdataFr2.bin
C:\Users\domdz_000\AppData\Roaming\Mozilla
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643} /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\system32\nvinitx.dll" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\SysWOW64\nvinit.dll" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2c312a5-f6fa-11e2-be88-c4850844c5fe}" => Key deleted successfully.
HKCR\CLSID\{c2c312a5-f6fa-11e2-be88-c4850844c5fe} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-1444083916-2435873415-4136039214-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "D:\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
ccnfd_1_10_0_2 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65DFCD4D-02C1-46BF-8C6D-918CBA270139}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65DFCD4D-02C1-46BF-8C6D-918CBA270139}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key deleted successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\domdz_000\AppData\Roaming\*.txt => Moved successfully.
C:\Users\domdz_000\AppData\Roaming\appdataFr2.bin => Moved successfully.
C:\Users\domdz_000\AppData\Roaming\Mozilla => Moved successfully.

========= reg delete HKCU\Software\Mozilla /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643} /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\system32\nvinitx.dll" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "C:\Windows\SysWOW64\nvinit.dll" /f =========
The operation completed successfully.
========= End of Reg: =========

EmptyTemp: => Removed 1.1 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-20 21:57:35)<=
"D:\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => File could not move.

==== End of Fixlog 21:57:35 ====