Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2013 Ran by Seba at 2013-12-06 18:28:28 Run:1 Running from C:\Users\Seba\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 PirritUpdater; Task: {95E21D96-B044-4563-B8E5-E4CDA863CE88} - \Dealply No Task File Task: {EA66F9D2-4429-44DF-AA00-2BBE2C01AB52} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Seba\AppData\Local\FilesFrog Update Checker\update_checker.exe AppInit_DLLs: [ ] () HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1386181036&from=smt&uid=ST3500418AS_9VM0N4JMXXXX9VM0N4JM&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1386181036&from=smt&uid=ST3500418AS_9VM0N4JMXXXX9VM0N4JM&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1386181036&from=smt&uid=ST3500418AS_9VM0N4JMXXXX9VM0N4JM&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1386181036&from=smt&uid=ST3500418AS_9VM0N4JMXXXX9VM0N4JM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1386181036&from=smt&uid=ST3500418AS_9VM0N4JMXXXX9VM0N4JM&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM-x32 - URL http://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.9&ts=1384124400000.000007&tguid=66817-8086-1384172968437-3A9066C2B296CEC4074252CEC0FD23BC&q={searchTerms} SearchScopes: HKLM-x32 - SuggestionsURL_JSON http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66807&gid=66817-8086-1384172968437-3A9066C2B296CEC4074252CEC0FD23BC&dbCode=1&command={searchTerms} SearchScopes: HKLM-x32 - TopResultURLFallback http://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.9&ts=1384124400000.000007&tguid=66817-8086-1384172968437-3A9066C2B296CEC4074252CEC0FD23BC&q={searchTerms} SearchScopes: HKCU - URL http://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.9&ts=1384124400000.000007&tguid=66817-8086-1384172968437-3A9066C2B296CEC4074252CEC0FD23BC&q={searchTerms} SearchScopes: HKCU - SuggestionsURL_JSON http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66807&gid=66817-8086-1384172968437-3A9066C2B296CEC4074252CEC0FD23BC&dbCode=1&command={searchTerms} SearchScopes: HKCU - TopResultURLFallback http://search.certified-toolbar.com?si=66807&st=bs&tid=6724&ver=4.9&ts=1384124400000.000007&tguid=66817-8086-1384172968437-3A9066C2B296CEC4074252CEC0FD23BC&q={searchTerms} SearchScopes: HKCU - {D10A4DAD-5AB0-40EC-ABCA-EDF23AB2BF37} URL = http://search.liftofftoolbar.com/?q={searchTerms} BHO-x32: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File S4 nvvad_WaveExtensible; No ImagePath S3 Synth3dVsc; No ImagePath S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat C:\Users\Seba\AppData\Local\Google\Chrome C:\Users\Seba\AppData\Local\cache C:\Users\Seba\daemonprocess.txt Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ***************** PirritUpdater => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95E21D96-B044-4563-B8E5-E4CDA863CE88} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95E21D96-B044-4563-B8E5-E4CDA863CE88} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA66F9D2-4429-44DF-AA00-2BBE2C01AB52} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA66F9D2-4429-44DF-AA00-2BBE2C01AB52} => Key deleted successfully. C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D10A4DAD-5AB0-40EC-ABCA-EDF23AB2BF37} => Key deleted successfully. HKCR\CLSID\{D10A4DAD-5AB0-40EC-ABCA-EDF23AB2BF37} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d} => Key deleted successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully. C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found. HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc => Key deleted successfully. C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found. nvvad_WaveExtensible => Service deleted successfully. Synth3dVsc => Service deleted successfully. tsusbhub => Service deleted successfully. VGPU => Service deleted successfully. C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat => Moved successfully. C:\Users\Seba\AppData\Local\Google\Chrome => Moved successfully. C:\Users\Seba\AppData\Local\cache => Moved successfully. C:\Users\Seba\daemonprocess.txt => Moved successfully. ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====