Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by Beata at 2013-12-29 22:22:57 Run:1
Running from C:\Users\Beata\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: md C:\Users\Beata\Desktop\Upload
CMD: copy C:\Users\Beata\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi C:\Users\Beata\Desktop\Upload
CMD: copy C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\lllbviwm.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi C:\Users\Beata\Desktop\Upload
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [738496 2013-10-18] ()
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_1787_34A06410&ts=1384004311&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_1787_34A06410&ts=1384004311&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_1787_34A06410&ts=1384004311&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_1787_34A06410&ts=1384004311&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0EBD33CE-1EC4-436F-B981-D9F81C2C9E83} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {0EBD33CE-1EC4-436F-B981-D9F81C2C9E83} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
S1 bozzsagd; \??\C:\Windows\system32\drivers\bozzsagd.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
C:\Windows\SysWOW64\libgcc_s_dw2-1.dll
C:\Windows\SysWOW64\mingwm10.dll
C:\Windows\SysWOW64\qtcore4.dll
C:\Program Files (x86)\ChicaLogic
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\Optimizer Pro
C:\Users\Beata\daemonprocess.txt
C:\Users\Beata\AppData\Local\cache
C:\Users\Beata\AppData\Local\Conduit
C:\Users\Beata\AppData\Local\CRE
C:\Users\Beata\AppData\Local\Google
C:\Users\Beata\AppData\Local\Mobogenie
C:\Users\Beata\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
C:\Users\Beata\Documents\Chica Passwords
C:\Users\Beata\Documents\Mobogenie
C:\Users\wangzhisong
*****************

========= md C:\Users\Beata\Desktop\Upload =========

========= End of CMD: =========

========= copy C:\Users\Beata\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi C:\Users\Beata\Desktop\Upload =========

1 file(s) copied.

========= End of CMD: =========

========= copy C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\lllbviwm.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi C:\Users\Beata\Desktop\Upload =========

1 file(s) copied.

========= End of CMD: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========

The operation completed successfully.

========= End of Reg: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0EBD33CE-1EC4-436F-B981-D9F81C2C9E83} => Key deleted successfully.
HKCR\CLSID\{0EBD33CE-1EC4-436F-B981-D9F81C2C9E83} => Key not found.
bozzsagd => Service deleted successfully.
catchme => Service deleted successfully.
C:\Windows\SysWOW64\libgcc_s_dw2-1.dll => Moved successfully.
C:\Windows\SysWOW64\mingwm10.dll => Moved successfully.
C:\Windows\SysWOW64\qtcore4.dll => Moved successfully.
C:\Program Files (x86)\ChicaLogic => Moved successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Users\Beata\daemonprocess.txt => Moved successfully.
C:\Users\Beata\AppData\Local\cache => Moved successfully.
C:\Users\Beata\AppData\Local\Conduit => Moved successfully.
C:\Users\Beata\AppData\Local\CRE => Moved successfully.
C:\Users\Beata\AppData\Local\Google => Moved successfully.
C:\Users\Beata\AppData\Local\Mobogenie => Moved successfully.
C:\Users\Beata\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} => Moved successfully.
C:\Users\Beata\Documents\Chica Passwords => Moved successfully.
C:\Users\Beata\Documents\Mobogenie => Moved successfully.
C:\Users\wangzhisong => Moved successfully.

==== End of Fixlog ====