Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-08-2013 Ran by Sławek at 2013-08-26 10:30:49 Run:1 Running from C:\Users\Sławek\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe" [x] HKU\test\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [x] URLSearchHook: (No Name) - {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No File SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyC0BzztDtB0AyCtBtAtB0EtN0D0Tzu0CtByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=314907905 SearchScopes: HKLM - {E9C4C973-0779-4094-98BE-89732F6D61CC} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl SearchScopes: HKCU - {05C72334-11F3-4e9f-8740-98128F52EFB9} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyC0BzztDtB0AyCtBtAtB0EtN0D0Tzu0CtByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=314907905 SearchScopes: HKCU - {32D0F0C1-A090-8927-02B5-026995EF59BF} URL = http://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} SearchScopes: HKCU - {8864AF89-1937-433A-AC7A-B8D50A0669D4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=DBD621C2-94E9-4828-BD98-655937E36B4A&apn_sauid=7F43C93A-A07C-498E-8711-331DA9CD50B4 SearchScopes: HKCU - {C6CA57DD-B3B1-4CDF-9BC3-5419ADFB0235} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {E9C4C973-0779-4094-98BE-89732F6D61CC} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Sławek\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Sławek\AppData\Local\Torch\Plugins\TorchPlugin.crx Task: {191B4CCC-3686-4D92-A377-07B74DF38739} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4A018AFF-C09B-4704-861F-FC2771FB75DE}.exe No File Task: {2D08399A-7461-4050-9810-1EECFE98EA76} - System32\Tasks\{5C82BE1A-F613-4FA1-8112-8734C345D287} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-07-25] (Microsoft Corporation) Task: {321787A0-8467-4905-B339-186B51D7DDE6} - System32\Tasks\{B730BAF7-61F0-4159-9704-7AA1C8CD52FE} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-07-25] (Microsoft Corporation) Task: {678A65E3-5036-4CF2-818D-FEB55E38651A} - System32\Tasks\{B9525808-5A4F-43D0-972F-06A6522826A0} => C:\Program Files\Internet Explorer\IEXPLORE.EXE [2013-07-25] (Microsoft Corporation) Task: {74103F8A-1CE8-4EA5-80CD-3BD22A720DF0} - \EPUpdater No Task File Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4A018AFF-C09B-4704-861F-FC2771FB75DE}.exe U1 eabfiltr; C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player C:\Users\Sławek\AppData\Local\Rich Media Player C:\Users\Sławek\AppData\Roaming\Byu C:\Users\Sławek\AppData\Roaming\Cuenoh C:\Users\Sławek\AppData\Roaming\wsejhggg C:\Users\Sławek\AppData\Roaming\DVDVideoSoft C:\Program Files\Common Files\DVDVideoSoft C:\Program Files\Mozilla Firefox C:\Program Files\Uniblue C:\Program Files\SkanerOnline C:\Windows\TempB2E3FF62-27CC-9A83-DCEE-8C49769F3A7B-Signatures C:\Windows\Temp99F6ECCD-1CBD-EA17-80E3-2B32C4656A1F-Signatures C:\Windows\TempD8757403-6815-2653-6760-6B82ABF293EB-Signatures C:\Windows\Temp82E2BDE9-8162-D4F4-831F-6B6556AB4149-Signatures C:\Windows\Temp940F7F43-6C20-90B1-0063-B1F16F5D4758-Signatures Reg: reg delete "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Search Bar" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully. HKU\test\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Value deleted successfully. HKCR\CLSID\{124d001a-bdcb-472f-aa59-bbe7e4bc3204} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9C4C973-0779-4094-98BE-89732F6D61CC} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{E9C4C973-0779-4094-98BE-89732F6D61CC} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05C72334-11F3-4e9f-8740-98128F52EFB9} => Key not found. HKCR\Wow6432Node\CLSID\{05C72334-11F3-4e9f-8740-98128F52EFB9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32D0F0C1-A090-8927-02B5-026995EF59BF} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{32D0F0C1-A090-8927-02B5-026995EF59BF} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8864AF89-1937-433A-AC7A-B8D50A0669D4} => Key not found. HKCR\Wow6432Node\CLSID\{8864AF89-1937-433A-AC7A-B8D50A0669D4} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C6CA57DD-B3B1-4CDF-9BC3-5419ADFB0235} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{C6CA57DD-B3B1-4CDF-9BC3-5419ADFB0235} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9C4C973-0779-4094-98BE-89732F6D61CC} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{E9C4C973-0779-4094-98BE-89732F6D61CC} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} => Key deleted successfully. HKCR\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully. HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof => Key deleted successfully. "C:\Users\Sławek\AppData\Local\Torch\Plugins\TorchPlugin.crx" => File/Directory not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{191B4CCC-3686-4D92-A377-07B74DF38739} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{191B4CCC-3686-4D92-A377-07B74DF38739} => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D08399A-7461-4050-9810-1EECFE98EA76} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D08399A-7461-4050-9810-1EECFE98EA76} => Key deleted successfully. C:\Windows\System32\Tasks\{5C82BE1A-F613-4FA1-8112-8734C345D287} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C82BE1A-F613-4FA1-8112-8734C345D287} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{321787A0-8467-4905-B339-186B51D7DDE6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{321787A0-8467-4905-B339-186B51D7DDE6} => Key deleted successfully. C:\Windows\System32\Tasks\{B730BAF7-61F0-4159-9704-7AA1C8CD52FE} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B730BAF7-61F0-4159-9704-7AA1C8CD52FE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{678A65E3-5036-4CF2-818D-FEB55E38651A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678A65E3-5036-4CF2-818D-FEB55E38651A} => Key deleted successfully. C:\Windows\System32\Tasks\{B9525808-5A4F-43D0-972F-06A6522826A0} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B9525808-5A4F-43D0-972F-06A6522826A0} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74103F8A-1CE8-4EA5-80CD-3BD22A720DF0} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74103F8A-1CE8-4EA5-80CD-3BD22A720DF0} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. eabfiltr => Service deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player => Moved successfully. C:\Users\Sławek\AppData\Local\Rich Media Player => Moved successfully. C:\Users\Sławek\AppData\Roaming\Byu => Moved successfully. C:\Users\Sławek\AppData\Roaming\Cuenoh => Moved successfully. C:\Users\Sławek\AppData\Roaming\wsejhggg => Moved successfully. C:\Users\Sławek\AppData\Roaming\DVDVideoSoft => Moved successfully. C:\Program Files\Common Files\DVDVideoSoft => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\Program Files\Uniblue => Moved successfully. C:\Program Files\SkanerOnline => Moved successfully. C:\Windows\TempB2E3FF62-27CC-9A83-DCEE-8C49769F3A7B-Signatures => Moved successfully. C:\Windows\Temp99F6ECCD-1CBD-EA17-80E3-2B32C4656A1F-Signatures => Moved successfully. C:\Windows\TempD8757403-6815-2653-6760-6B82ABF293EB-Signatures => Moved successfully. C:\Windows\Temp82E2BDE9-8162-D4F4-831F-6B6556AB4149-Signatures => Moved successfully. C:\Windows\Temp940F7F43-6C20-90B1-0063-B1F16F5D4758-Signatures => Moved successfully. ========= reg delete "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Search Bar" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====