Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by alan at 2014-12-15 17:55:58 Run:1
Running from C:\Users\alan\Downloads
Loaded Profile: alan (Available profiles: alan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [S-1-5-21-3898122870-386111202-1819820821-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3898122870-386111202-1819820821-1000] => http=127.0.0.1:53035;https=127.0.0.1:53035
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=612014251&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...r=612014251&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://start.mysearc...r=417167192&ir=
SearchScopes: HKU\S-1-5-21-3898122870-386111202-1819820821-1000 -> {0ED8EE86-37BE-4E45-96A7-C0CC7C12C870} URL = http://websearch.ask...17-156EBCD5BF14
SearchScopes: HKU\S-1-5-21-3898122870-386111202-1819820821-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://start.mysearc...r=417167192&ir=
Toolbar: HKU\S-1-5-21-3898122870-386111202-1819820821-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF SearchPlugin: C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\searchplugins\yahoo-msd.xml
FF Extension: MediaPlayer - C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2014-12-13]
FF Extension: Search Manager 2 - C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\Extensions\{3f0ba114-7ec4-4ac6-ad6d-3b259c333458}.xpi [2014-11-24]
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [337920 2014-12-11] () [File not signed]
R2 Internet Enhancer Service; C:\Program Files (x86)\WajaInternetEnhance\WajaInternetEnhance Internet Enhancer\InternetEnhancerService.exe [312320 2014-12-12] () [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [186880 2014-12-11] () [File not signed]
2014-12-14 11:48 - 2014-12-14 11:48 - 00001067 _____ () C:\Users\Public\Desktop\PC Tech Hotline.lnk
2014-12-14 11:48 - 2014-12-14 11:48 - 00000000 ____D () C:\Users\alan\AppData\Roaming\PC Tech Hotline
2014-12-14 11:48 - 2014-12-14 11:48 - 00000000 ____D () C:\ProgramData\Windows Discount
2014-12-14 11:48 - 2014-12-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Windows Discount
2014-12-14 11:47 - 2014-12-14 22:48 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-12-14 11:47 - 2014-12-14 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaInternetEnhance
2014-12-14 11:47 - 2014-12-14 11:47 - 00000000 ____D () C:\Program Files (x86)\WajaInternetEnhance
2014-12-14 11:44 - 2014-12-14 11:44 - 00453128 _____ (Installer Technology Co) C:\Users\alan\Downloads\Setup_ODM.exe
2014-12-14 08:04 - 2014-12-14 08:04 - 04130384 _____ (NCH Software) C:\Users\alan\Downloads\gvsetup.exe
2014-12-14 08:04 - 2014-12-14 08:04 - 00000000 ____D () C:\Users\alan\AppData\Roaming\NCH Software
2014-12-14 08:04 - 2014-12-14 08:04 - 00000000 ____D () C:\ProgramData\NCH Software
2014-12-15 06:49 - 2014-11-07 17:44 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-12-14 12:58 - 2014-11-07 17:44 - 00000000 ____D () C:\Users\alan\AppData\Roaming\UpdaterEX
Task: {5CED01F0-6C53-45BD-AD0C-F394AB07F1CB} - System32\Tasks\{69C81BDB-913A-41DD-B093-27956D9213BA} => E:\RepROM.exe
Task: {5FA99C7A-7BFD-4E2A-8522-B9585D6FC915} - System32\Tasks\UpdaterEX => C:\Users\alan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F69B8C09-79E9-4808-B3E6-F1100A8E0BF6} - System32\Tasks\{9BAB0B04-493F-4244-BB0C-F4517D8AECCE} => E:\RepROM.exe
Task: {F7FDBC3A-B7DE-46C4-B12B-03096136A8BF} - System32\Tasks\{FC5A5113-6833-45FC-A8B2-4F47A916BD60} => E:\RepROM.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\alan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\alan\mfc71.dll
C:\Users\alan\mfc71u.dll
C:\Users\alan\msvcp71.dll
C:\Users\alan\msvcr71.dll
C:\Program Files (x86)\Windows NT
C:\Program Files (x86)\WajaInternetEnhance
C:\Program Files (x86)\Windows Discount
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3898122870-386111202-1819820821-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3898122870-386111202-1819820821-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKU\S-1-5-21-3898122870-386111202-1819820821-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ED8EE86-37BE-4E45-96A7-C0CC7C12C870}" => Key deleted successfully.
"HKCR\CLSID\{0ED8EE86-37BE-4E45-96A7-C0CC7C12C870}" => Key not found.
"HKU\S-1-5-21-3898122870-386111202-1819820821-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
HKU\S-1-5-21-3898122870-386111202-1819820821-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\searchplugins\askcom.xml => Moved successfully.
"C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\searchplugins\search.xml" => not found.
C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\searchplugins\yahoo-msd.xml => Moved successfully.
C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi => Moved successfully.
C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\kcw302hw.default\Extensions\{3f0ba114-7ec4-4ac6-ad6d-3b259c333458}.xpi => Moved successfully.
FindingDiscount => Unable to stop service
FindingDiscount => Service deleted successfully.
Internet Enhancer Service => Service stopped successfully.
Internet Enhancer Service => Service deleted successfully.
RuntimeManager => Unable to stop service
RuntimeManager => Service deleted successfully.
C:\Users\Public\Desktop\PC Tech Hotline.lnk => Moved successfully.
C:\Users\alan\AppData\Roaming\PC Tech Hotline => Moved successfully.
C:\ProgramData\Windows Discount => Moved successfully.

"C:\Program Files (x86)\Windows Discount" directory move:

Could not move "C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Windows Discount" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\OpenDownloaderManager => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaInternetEnhance => Moved successfully.
C:\Program Files (x86)\WajaInternetEnhance => Moved successfully.
C:\Users\alan\Downloads\Setup_ODM.exe => Moved successfully.
C:\Users\alan\Downloads\gvsetup.exe => Moved successfully.
C:\Users\alan\AppData\Roaming\NCH Software => Moved successfully.
C:\ProgramData\NCH Software => Moved successfully.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.
C:\Users\alan\AppData\Roaming\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CED01F0-6C53-45BD-AD0C-F394AB07F1CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CED01F0-6C53-45BD-AD0C-F394AB07F1CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{69C81BDB-913A-41DD-B093-27956D9213BA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{69C81BDB-913A-41DD-B093-27956D9213BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FA99C7A-7BFD-4E2A-8522-B9585D6FC915}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FA99C7A-7BFD-4E2A-8522-B9585D6FC915}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F69B8C09-79E9-4808-B3E6-F1100A8E0BF6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F69B8C09-79E9-4808-B3E6-F1100A8E0BF6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9BAB0B04-493F-4244-BB0C-F4517D8AECCE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BAB0B04-493F-4244-BB0C-F4517D8AECCE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7FDBC3A-B7DE-46C4-B12B-03096136A8BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7FDBC3A-B7DE-46C4-B12B-03096136A8BF}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FC5A5113-6833-45FC-A8B2-4F47A916BD60} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC5A5113-6833-45FC-A8B2-4F47A916BD60}" => Key deleted successfully.
C:\Windows\Tasks\UpdaterEX.job not found.
C:\Users\alan\mfc71.dll => Moved successfully.
C:\Users\alan\mfc71u.dll => Moved successfully.
C:\Users\alan\msvcp71.dll => Moved successfully.
C:\Users\alan\msvcr71.dll => Moved successfully.

"C:\Program Files (x86)\Windows NT" directory move:

C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt => Moved successfully.
C:\Program Files (x86)\Windows NT\TableTextService\en-US\TableTextService.dll.mui => Moved successfully.
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe => Moved successfully.
C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll => Moved successfully.
Could not move "C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe" => Scheduled to move on reboot.
C:\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui => Moved successfully.
Could not move "C:\Program Files (x86)\Windows NT" directory. => Scheduled to move on reboot.

"C:\Program Files (x86)\WajaInternetEnhance" => File/Directory not found.

"C:\Program Files (x86)\Windows Discount" directory move:

Could not move "C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Windows Discount" directory. => Scheduled to move on reboot.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-15 17:58:53)<=

C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe => Is moved successfully.
C:\Program Files (x86)\Windows Discount => Is moved successfully.
C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe => Is moved successfully.
C:\Program Files (x86)\Windows NT => Is moved successfully.
C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe => Is moved successfully.
C:\Program Files (x86)\Windows Discount => Is moved successfully.

==== End of Fixlog ====