Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2013 01
Ran by Seba at 2013-12-17 14:28:46 Run:1
Running from C:\Users\Seba\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383205114&from=cor&uid=395049983_397234_C0F9D17C&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383205114&from=cor&uid=395049983_397234_C0F9D17C&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383205114&from=cor&uid=395049983_397234_C0F9D17C&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383205114&from=cor&uid=395049983_397234_C0F9D17C&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383205114&from=cor&uid=395049983_397234_C0F9D17C&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383205114&from=cor&uid=395049983_397234_C0F9D17C&q={searchTerms}
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1383205105&from=cor&uid=395049983_397234_C0F9D17C
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Task: {3476A90F-4B65-4E05-853D-CC5942618B02} - System32\Tasks\{C6953C64-CC6A-4630-BDD1-5E11EB16BD0B} => G:\Install.exe
Task: {D4600CCB-2326-4C33-B643-DD1D7AD63148} - System32\Tasks\{AECA6895-5820-4A62-A0C8-DF7F91091640} => G:\Install.exe
Task: {E22E1973-FF0E-43AF-A9B5-3B1E7BB25538} - System32\Tasks\{A5F03E1A-4163-4F6C-BFA9-BA4AB47DCC69} => G:\Install.exe
Task: {E24BE088-5CE9-4B42-A50F-5564C91F5FBD} - System32\Tasks\{BA05095F-AE47-46A8-A8ED-9C8928C045CB} => G:\Install.exe
S2 PowerManager; C:\Windows\svchost.exe [x]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
C:\Users\Seba\AppData\Roaming\B1Toolbar
C:\Users\Seba\AppData\Roaming\eDownload
C:\Users\Seba\AppData\Roaming\LOVE
C:\Users\Seba\Downloads\NET-Framework(17635).exe
CMD: netsh advfirewall reset
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key deleted successfully.
HKCR\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml => Key deleted successfully.
C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo => Key deleted successfully.
"C:\Users\Seba\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3476A90F-4B65-4E05-853D-CC5942618B02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3476A90F-4B65-4E05-853D-CC5942618B02} => Key deleted successfully.
C:\Windows\System32\Tasks\{C6953C64-CC6A-4630-BDD1-5E11EB16BD0B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6953C64-CC6A-4630-BDD1-5E11EB16BD0B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4600CCB-2326-4C33-B643-DD1D7AD63148} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4600CCB-2326-4C33-B643-DD1D7AD63148} => Key deleted successfully.
C:\Windows\System32\Tasks\{AECA6895-5820-4A62-A0C8-DF7F91091640} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AECA6895-5820-4A62-A0C8-DF7F91091640} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E22E1973-FF0E-43AF-A9B5-3B1E7BB25538} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22E1973-FF0E-43AF-A9B5-3B1E7BB25538} => Key deleted successfully.
C:\Windows\System32\Tasks\{A5F03E1A-4163-4F6C-BFA9-BA4AB47DCC69} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5F03E1A-4163-4F6C-BFA9-BA4AB47DCC69} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E24BE088-5CE9-4B42-A50F-5564C91F5FBD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E24BE088-5CE9-4B42-A50F-5564C91F5FBD} => Key deleted successfully.
C:\Windows\System32\Tasks\{BA05095F-AE47-46A8-A8ED-9C8928C045CB} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BA05095F-AE47-46A8-A8ED-9C8928C045CB} => Key deleted successfully.
PowerManager => Service deleted successfully.
WsysSvc => Service deleted successfully.
EagleX64 => Service deleted successfully.
VGPU => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\Users\Seba\AppData\Roaming\B1Toolbar => Moved successfully.
C:\Users\Seba\AppData\Roaming\eDownload => Moved successfully.
C:\Users\Seba\AppData\Roaming\LOVE => Moved successfully.
C:\Users\Seba\Downloads\NET-Framework(17635).exe => Moved successfully.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

==== End of Fixlog ====