Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-09-2013 04 Ran by Czarek at 2013-09-02 18:44:20 Run:1 Running from C:\Users\Czarek\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [Oracle Java] - C:\Windows\system32\javaw.exe [149280 2012-03-10] (Sun Microsystems, Inc.) HKCU\...\Run: [Task Scheduler Engine] - C:\Users\Czarek\AppData\Local\Temp\Task Scheduler Engine\Task Scheduler Engine.exe [200192 2013-08-31] (Microsoft Corporation) <===== ATTENTION HKCU\...\Run: [System Protocol] - C:\Users\Czarek\AppData\Local\Temp\AppLunch\Task Scheduler Engine.exe [1169224 2010-11-05] (Microsoft Corporation) <===== ATTENTION HKCU\...\Run: [ASRockXTU] - [x] HKCU\...\Run: [zASRockInstantBoot] - [x] URLSearchHook: (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File URLSearchHook: (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://pl.v9.com/?utm_source=b&utm_medium=cor SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 SearchScopes: HKLM - {B039E07F-F802-446a-A9EE-28C3A78897DA} URL = http://startsear.ch/?aff=1&src=sp&cf=1ec1d27e-186b-11e1-8676-002522cc5546&q={searchTerms} SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=34&r=2013/05/26&hid=2797312376&lg=EN&cc=PL&unqvl=16 SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F050002522CC5546&affID=121133&tsp=4991 SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F050002522CC5546&affID=121133&tsp=4991 SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKCU - {B039E07F-F802-446a-A9EE-28C3A78897DA} URL = SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=34&r=2013/05/26&hid=2797312376&lg=EN&cc=PL&unqvl=16 BHO: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks) BHO: TubeSaver - {8126319b-dc72-4c94-ab85-0ec9985fc040} - C:\Program Files\TubeSaver\131.dll (TubeSaver) BHO: No Name - {8DD0E67E-4ED8-5575-387E-6528E915638A} - No File Toolbar: HKCU -No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File Toolbar: HKCU -No Name - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No File Toolbar: HKCU -No Name - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No File CHR HKLM\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files\VshareComplete\chrome\VshareCompleteChrome.crx CHR HKLM\...\Chrome\Extension: [hjfjcnbocflmiihlkadkdpeakcagfhai] - C:\Program Files\OApps\chrome-sl.crx CHR HKLM\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files\TubeSaver\131.crx Task: {A6F3CC3F-EF8A-41BA-969B-7DD8813E572D} - System32\Tasks\{FFB08C01-E17F-4E9D-A861-A5FB9B4E0A3C} => D:\GRY\Mafia II\Mafia II\pc\mafia2.exe No File Task: {C6B289E9-78B4-409C-BFFB-CA18D5774D38} - System32\Tasks\{1D9E3565-5A03-4734-9B9E-EEB056624FAD} => D:\GRY\Mafia II\Mafia II\pc\mafia2.exe No File Task: {EA5FD9F2-0209-4331-B0F3-C3C300DF1A69} - System32\Tasks\EPUpdater => C:\Users\Czarek\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {EE9DDA09-EDB9-444F-B62A-EE6518AA22C2} - System32\Tasks\{D2E96A31-EE46-4C91-BA91-46F81E965A71} => C:\Program Files\Internet Explorer\iexplore.exe [2013-07-26] (Microsoft Corporation) Task: {F4656BF8-59CD-4705-A402-4727D3233D7A} - System32\Tasks\{3FF8812A-F9C3-4701-B16F-E1E7DD6F6D60} => D:\GRY\Mafia II\Mafia II\pc\mafia2.exe No File S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x] S2 AviraUpgradeService; S3 esgiguard; No ImagePath S3 Maplom; No ImagePath S3 MaplomL; No ImagePath S3 PCANDIS4; No ImagePath C:\Users\Czarek\AppData\Local\Temp\AppLunch C:\Users\Czarek\AppData\Local\Temp\Task Scheduler Engine C:\Users\Czarek\AppData\Local\avgchrome C:\Users\Czarek\AppData\Roaming\sqlite.jar C:\Users\Czarek\AppData\Roaming\Logs C:\Users\Czarek\AppData\Roaming\msgr C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender C:\Users\Czarek\AppData\Roaming\mozilla C:\Users\Czarek\DesktopFiddler2Upgrade.exe C:\ProgramData\BrowserDefender C:\ProgramData\DSearchLink C:\Program Files\MyPC Backup C:\Program Files\AppFiles C:\Program Files\DefaultTab C:\Program Files\TubeSaver C:\Program Files\Mozilla Firefox C:\Windows\System32\python24.dll C:\Windows\system32\searchplugins C:\Windows\system32\Extensions CMD: netsh advfirewall reset Reg: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f Reg: reg delete "HKCU\Software\Mozilla" /f ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Oracle Java => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Task Scheduler Engine => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\System Protocol => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} => Value deleted successfully. HKCR\CLSID\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} => Key not found. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} => Value deleted successfully. HKCR\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} => Key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B039E07F-F802-446a-A9EE-28C3A78897DA} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{B039E07F-F802-446a-A9EE-28C3A78897DA} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B039E07F-F802-446a-A9EE-28C3A78897DA} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{B039E07F-F802-446a-A9EE-28C3A78897DA} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} => Key deleted successfully. HKCR\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126319b-dc72-4c94-ab85-0ec9985fc040} => Key deleted successfully. HKCR\CLSID\{8126319b-dc72-4c94-ab85-0ec9985fc040} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DD0E67E-4ED8-5575-387E-6528E915638A} => Key deleted successfully. HKCR\CLSID\{8DD0E67E-4ED8-5575-387E-6528E915638A} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => Value deleted successfully. HKCR\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} => Value deleted successfully. HKCR\CLSID\{D43723AE-1AE1-4A25-A6A4-BF0929273CAB} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} => Value deleted successfully. HKCR\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} => Key not found. HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda => Key not found. "C:\Program Files\VshareComplete\chrome\VshareCompleteChrome.crx" => File/Directory not found. HKLM\SOFTWARE\Google\Chrome\Extensions\hjfjcnbocflmiihlkadkdpeakcagfhai => Key not found. "C:\Program Files\OApps\chrome-sl.crx" => File/Directory not found. HKLM\SOFTWARE\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada => Key deleted successfully. C:\Program Files\TubeSaver\131.crx => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6F3CC3F-EF8A-41BA-969B-7DD8813E572D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6F3CC3F-EF8A-41BA-969B-7DD8813E572D} => Key deleted successfully. C:\Windows\System32\Tasks\{FFB08C01-E17F-4E9D-A861-A5FB9B4E0A3C} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFB08C01-E17F-4E9D-A861-A5FB9B4E0A3C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6B289E9-78B4-409C-BFFB-CA18D5774D38} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6B289E9-78B4-409C-BFFB-CA18D5774D38} => Key deleted successfully. C:\Windows\System32\Tasks\{1D9E3565-5A03-4734-9B9E-EEB056624FAD} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1D9E3565-5A03-4734-9B9E-EEB056624FAD} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA5FD9F2-0209-4331-B0F3-C3C300DF1A69} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA5FD9F2-0209-4331-B0F3-C3C300DF1A69} => Key deleted successfully. C:\Windows\System32\Tasks\EPUpdater => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE9DDA09-EDB9-444F-B62A-EE6518AA22C2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE9DDA09-EDB9-444F-B62A-EE6518AA22C2} => Key deleted successfully. C:\Windows\System32\Tasks\{D2E96A31-EE46-4C91-BA91-46F81E965A71} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D2E96A31-EE46-4C91-BA91-46F81E965A71} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4656BF8-59CD-4705-A402-4727D3233D7A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4656BF8-59CD-4705-A402-4727D3233D7A} => Key deleted successfully. C:\Windows\System32\Tasks\{3FF8812A-F9C3-4701-B16F-E1E7DD6F6D60} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FF8812A-F9C3-4701-B16F-E1E7DD6F6D60} => Key deleted successfully. BrowserDefendert => Service deleted successfully. AviraUpgradeService => Service deleted successfully. esgiguard => Service deleted successfully. Maplom => Service deleted successfully. MaplomL => Service deleted successfully. PCANDIS4 => Service deleted successfully. C:\Users\Czarek\AppData\Local\Temp\AppLunch => Moved successfully. C:\Users\Czarek\AppData\Local\Temp\Task Scheduler Engine => Moved successfully. C:\Users\Czarek\AppData\Local\avgchrome => Moved successfully. C:\Users\Czarek\AppData\Roaming\sqlite.jar => Moved successfully. C:\Users\Czarek\AppData\Roaming\Logs => Moved successfully. C:\Users\Czarek\AppData\Roaming\msgr => Moved successfully. C:\Users\Czarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender => Moved successfully. C:\Users\Czarek\AppData\Roaming\mozilla => Moved successfully. C:\Users\Czarek\DesktopFiddler2Upgrade.exe => Moved successfully. C:\ProgramData\BrowserDefender => Moved successfully. C:\ProgramData\DSearchLink => Moved successfully. C:\Program Files\MyPC Backup => Moved successfully. C:\Program Files\AppFiles => Moved successfully. C:\Program Files\DefaultTab => Moved successfully. C:\Program Files\TubeSaver => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\Windows\System32\python24.dll => Moved successfully. C:\Windows\system32\searchplugins => Moved successfully. C:\Windows\system32\Extensions => Moved successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Mozilla" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====