Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015 Ran by marek at 2015-07-23 00:02:07 Run:1 Running from C:\Users\marek\Downloads Loaded Profiles: marek (Available Profiles: marek & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {11C2D8D3-D5DE-4E7D-AE1B-8294CA2954B6} - System32\Tasks\mGG512MnSIdnvy5Y2 => C:\Users\marek\AppData\Roaming\mGG512MnSIdnvy5Y2.exe <==== ATTENTION Task: {35CAA165-22AE-451C-B1CA-7A7F3B4AE22A} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-10] () <==== ATTENTION C:\Program Files (x86)\globalUpdate Task: {66A7B82B-2D32-4771-B687-26A1E3A7B293} - System32\Tasks\shopping_blast_updating_service => C:\Program Files (x86)\shopping blast\shopping_blast_updating_service.exe <==== ATTENTION C:\Program Files (x86)\shopping blast Task: {7832BAC3-89D8-4A8C-9E98-BDDE6145D8C0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-10] () <==== ATTENTION Task: {783C2F94-5064-4F48-A177-C4A98F52499D} - System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1 => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-codedownloader.exe <==== ATTENTION Task: {C818257F-23F8-4C2B-83F0-CFB5D79D937B} - System32\Tasks\shopping_blast_notification_service => C:\Program Files (x86)\shopping blast\shopping_blast_notification_service.exe <==== ATTENTION Task: {D1FD3124-AFEB-47C8-8CB1-7F1027A896BB} - System32\Tasks\WjzZXhfpH3kkrdazWC7CyhJ71 => C:\Users\marek\AppData\Roaming\WjzZXhfpH3kkrdazWC7CyhJ71.exe <==== ATTENTION Task: C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1.job => C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-codedownloader.exeȐ/PaDSlQIxQ /kHeyKtCnY=task /mLiPBeS='Plus-HD-9.6' /QPiZtrGsN=57304 /ucDecd='001618' /ETmUE='0' /KKmmnE='0' /QuSLO=CBEA848EEF7B47B6865C20D21BB78294IE /nVvOx=179da43b36146914a97d8300517dfc40 /AlfcCUDUr=1_34_05_29 /cXEcDlRD=1.34.5.29 /cZbRYEv=1402420322 /ruVmBU=http:/stats.datademoserv.com /OxGjPrNBI=http:/errors.datademoserv.com /XEVFhhjiK=http:/js.datademoserv.com /zzndPsBc=ff /NJSvybU /ZfZrx='{asw:[0, 4]}' /yfRmRb='http:/update.datademoserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\mGG512MnSIdnvy5Y2.job => C:\Users\marek\AppData\Roaming\mGG512MnSIdnvy5Y2.exe <==== ATTENTION Task: C:\Windows\Tasks\shopping_blast_notification_service.job => C:\Program Files (x86)\shopping blast\shopping_blast_notification_service.exeǪ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='shopping blast' /appid='73143' /srcid='2913' /bic='04b6ce5ceabf92d6d22ef7c9aa3ec537' /verifier='9d4268c0800f6e98203a40ca2f4b89c9' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION Task: C:\Windows\Tasks\shopping_blast_updating_service.job => C:\Program Files (x86)\shopping blast\shopping_blast_updating_service.exe¯ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=shopping_blast_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION Task: C:\Windows\Tasks\WjzZXhfpH3kkrdazWC7CyhJ71.job => C:\Users\marek\AppData\Roaming\WjzZXhfpH3kkrdazWC7CyhJ71.exe <==== ATTENTION SearchScopes: HKLM -> {1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF SearchScopes: HKLM-x32 -> {1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF SearchScopes: HKU\S-1-5-21-3963615497-4212273936-1433084501-1001 -> {1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3963615497-4212273936-1433084501-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF SearchScopes: HKU\S-1-5-21-3963615497-4212273936-1433084501-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF BHO: Plus-HD-9.6 -> {11111111-1111-1111-1111-110511731104} -> C:\Program Files (x86)\Plus-HD-9.6\Plus-HD-9.6-bho64.dll [2014-06-10] () FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-07-17] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-07-17] <==== ATTENTION 2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\marek\AppData\Roaming\mGG512MnSIdnvy5Y2 2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\marek\AppData\Roaming\WjzZXhfpH3kkrdazWC7CyhJ71 2015-06-20 17:36 - 2015-06-20 17:36 - 0000000 ____H () C:\Users\marek\AppData\Local\BIT7273.tmp 2015-06-20 17:35 - 2015-06-20 17:35 - 0000000 _____ () C:\Users\marek\AppData\Local\{E45E07A7-9B7E-4B56-8EA6-6FA1E26D6EB3} EmptyTemp: Reboot: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11C2D8D3-D5DE-4E7D-AE1B-8294CA2954B6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C2D8D3-D5DE-4E7D-AE1B-8294CA2954B6}" => key removed successfully C:\Windows\System32\Tasks\mGG512MnSIdnvy5Y2 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mGG512MnSIdnvy5Y2" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35CAA165-22AE-451C-B1CA-7A7F3B4AE22A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35CAA165-22AE-451C-B1CA-7A7F3B4AE22A}" => key removed successfully C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully C:\Program Files (x86)\globalUpdate => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66A7B82B-2D32-4771-B687-26A1E3A7B293}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A7B82B-2D32-4771-B687-26A1E3A7B293}" => key removed successfully C:\Windows\System32\Tasks\shopping_blast_updating_service => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\shopping_blast_updating_service" => key removed successfully C:\Program Files (x86)\shopping blast => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7832BAC3-89D8-4A8C-9E98-BDDE6145D8C0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7832BAC3-89D8-4A8C-9E98-BDDE6145D8C0}" => key removed successfully C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{783C2F94-5064-4F48-A177-C4A98F52499D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{783C2F94-5064-4F48-A177-C4A98F52499D}" => key removed successfully C:\Windows\System32\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C818257F-23F8-4C2B-83F0-CFB5D79D937B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C818257F-23F8-4C2B-83F0-CFB5D79D937B}" => key removed successfully C:\Windows\System32\Tasks\shopping_blast_notification_service => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\shopping_blast_notification_service" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1FD3124-AFEB-47C8-8CB1-7F1027A896BB}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1FD3124-AFEB-47C8-8CB1-7F1027A896BB}" => key removed successfully C:\Windows\System32\Tasks\WjzZXhfpH3kkrdazWC7CyhJ71 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WjzZXhfpH3kkrdazWC7CyhJ71" => key removed successfully C:\Windows\Tasks\bd69fe80-f1b1-4f8f-b1a7-9e87900f7877-1.job => moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully. C:\Windows\Tasks\mGG512MnSIdnvy5Y2.job => moved successfully. C:\Windows\Tasks\shopping_blast_notification_service.job => moved successfully. C:\Windows\Tasks\shopping_blast_updating_service.job => moved successfully. C:\Windows\Tasks\WjzZXhfpH3kkrdazWC7CyhJ71.job => moved successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F}" => key removed successfully HKCR\CLSID\{1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F}" => key removed successfully HKCR\Wow6432Node\CLSID\{1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. "HKU\S-1-5-21-3963615497-4212273936-1433084501-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F}" => key removed successfully HKCR\CLSID\{1FF6D283-B2D7-4967-B4B3-C4E5B1E58F7F} => key not found. "HKU\S-1-5-21-3963615497-4212273936-1433084501-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. "HKU\S-1-5-21-3963615497-4212273936-1433084501-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511731104}" => key removed successfully "HKCR\CLSID\{11111111-1111-1111-1111-110511731104}" => key removed successfully "C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js" => not found. C:\Program Files (x86)\mozilla firefox\my.cfg => moved successfully. C:\Users\marek\AppData\Roaming\mGG512MnSIdnvy5Y2 => moved successfully. C:\Users\marek\AppData\Roaming\WjzZXhfpH3kkrdazWC7CyhJ71 => moved successfully. C:\Users\marek\AppData\Local\BIT7273.tmp => moved successfully. C:\Users\marek\AppData\Local\{E45E07A7-9B7E-4B56-8EA6-6FA1E26D6EB3} => moved successfully. EmptyTemp: => 1.1 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 00:04:00 ====