Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by Paweł at 2013-12-31 15:38:23 Run:1
Running from D:\Instalki\Skanowanie systemu
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {5038C2AC-B74D-41CD-BCB8-08A517D219CC} - System32\Tasks\MetaCrawler => C:\Users\PAWE~1\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\MetaCrawler.job => C:\Users\PAWE~1\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE
HKCU\...\Policies\Explorer: []
Startup: C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e8zjg8w.lnk
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1388083011&from=wpc&uid=HitachiXHTS545050A7E380_TA95123VG87XAXG87XAXX&q={searchTerms}
BHO: YoutubeAdblocker - {1D7F90DF-4BE5-0978-F3A4-4B8013C35F90} - C:\Program Files (x86)\YoutubeAdblocker\a.x64.dll ()
BHO: surf And keepa - {90CA0531-BD1E-ED0E-E1A7-2FAFA3B1AA5E} - C:\Program Files (x86)\surf And keepa\XVhgq.x64.dll ()
BHO-x32: YoutubeAdblocker - {1D7F90DF-4BE5-0978-F3A4-4B8013C35F90} - C:\Program Files (x86)\YoutubeAdblocker\a.dll ()
BHO-x32: surf And keepa - {90CA0531-BD1E-ED0E-E1A7-2FAFA3B1AA5E} - C:\Program Files (x86)\surf And keepa\XVhgq.dll ()
C:\Windows\system32\log
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\surf And keepa
C:\Program Files (x86)\YoutubeAdblocker
C:\ProgramData\e8zjg8w.ctrl
C:\ProgramData\e8zjg8w.pff
C:\ProgramData\3cea804ea800994f
C:\ProgramData\surf And keepa
C:\ProgramData\YoutubeAdblocker
C:\ProgramData\WPM
C:\Users\Paweł\AppData\Local\Comodo
C:\Users\Paweł\AppData\Local\Google
C:\Users\Paweł\AppData\Local\Packages
C:\Users\Paweł\AppData\Local\Torch
C:\Users\Paweł\AppData\Roaming\eCyber
C:\Users\Paweł\AppData\Roaming\iSafe
C:\Users\Paweł\AppData\Roaming\MetaCrawler
C:\Users\Paweł\AppData\Roaming\Mozilla
C:\Users\Paweł\AppData\Roaming\systweak
C:\Users\Paweł\Documents\Optimizer Pro
C:\Users\UpdatusUser\AppData\Local\Comodo
C:\Users\UpdatusUser\AppData\Local\Google
C:\Users\UpdatusUser\AppData\Local\Torch
C:\Users\Administrator
C:\Users\Gość
C:\Users\HomeGroupUser$
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d c:\windows\syswow64\nvinit.dll /f
Reg: reg query HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command
Reg: reg query HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Opera\shell\open\command
Reg: reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} /s
Reg: reg export HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall C:\Users\Paweł\Desktop\uninstall.reg
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5038C2AC-B74D-41CD-BCB8-08A517D219CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5038C2AC-B74D-41CD-BCB8-08A517D219CC} => Key deleted successfully.
C:\Windows\System32\Tasks\MetaCrawler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MetaCrawler => Key deleted successfully.
C:\Windows\Tasks\MetaCrawler.job => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e8zjg8w.lnk => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D7F90DF-4BE5-0978-F3A4-4B8013C35F90} => Key deleted successfully.
HKCR\CLSID\{1D7F90DF-4BE5-0978-F3A4-4B8013C35F90} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90CA0531-BD1E-ED0E-E1A7-2FAFA3B1AA5E} => Key deleted successfully.
HKCR\CLSID\{90CA0531-BD1E-ED0E-E1A7-2FAFA3B1AA5E} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D7F90DF-4BE5-0978-F3A4-4B8013C35F90} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1D7F90DF-4BE5-0978-F3A4-4B8013C35F90} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90CA0531-BD1E-ED0E-E1A7-2FAFA3B1AA5E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{90CA0531-BD1E-ED0E-E1A7-2FAFA3B1AA5E} => Key deleted successfully.
C:\Windows\system32\log => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\surf And keepa => Moved successfully.
C:\Program Files (x86)\YoutubeAdblocker => Moved successfully.
C:\ProgramData\e8zjg8w.ctrl => Moved successfully.
C:\ProgramData\e8zjg8w.pff => Moved successfully.
C:\ProgramData\3cea804ea800994f => Moved successfully.
C:\ProgramData\surf And keepa => Moved successfully.
C:\ProgramData\YoutubeAdblocker => Moved successfully.
C:\ProgramData\WPM => Moved successfully.
C:\Users\Paweł\AppData\Local\Comodo => Moved successfully.
C:\Users\Paweł\AppData\Local\Google => Moved successfully.
C:\Users\Paweł\AppData\Local\Packages => Moved successfully.
C:\Users\Paweł\AppData\Local\Torch => Moved successfully.
C:\Users\Paweł\AppData\Roaming\eCyber => Moved successfully.
C:\Users\Paweł\AppData\Roaming\iSafe => Moved successfully.
"C:\Users\Paweł\AppData\Roaming\MetaCrawler" directory move:
Could not move "C:\Users\Paweł\AppData\Roaming\MetaCrawler" directory. => Scheduled to move on reboot.
C:\Users\Paweł\AppData\Roaming\Mozilla => Moved successfully.
C:\Users\Paweł\AppData\Roaming\systweak => Moved successfully.
C:\Users\Paweł\Documents\Optimizer Pro => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Comodo => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Google => Moved successfully.
C:\Users\UpdatusUser\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator => Moved successfully.
C:\Users\Gość => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.

========= reg delete HKCU\Software\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d c:\windows\syswow64\nvinit.dll /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg query HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command =========
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command
    (domyślny)    REG_SZ    "c:\program files (x86)\opera\opera.exe"
========= End of Reg: =========

========= reg query HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Opera\shell\open\command =========
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Opera\shell\open\command
    (domyślny)    REG_SZ    "c:\program files (x86)\opera\opera.exe"
========= End of Reg: =========

========= reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    AuthorizedCDFPrefix    REG_SZ
    Comments    REG_SZ
    Contact    REG_SZ
    DisplayVersion    REG_SZ    1.3.23.0
    HelpLink    REG_SZ
    HelpTelephone    REG_SZ
    InstallDate    REG_SZ    20131101
    InstallLocation    REG_SZ
    InstallSource    REG_SZ    C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\
    ModifyPath    REG_EXPAND_SZ    MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Publisher    REG_SZ    BonanzaDeals
    Readme    REG_SZ
    Size    REG_SZ
    EstimatedSize    REG_DWORD    0x29
    SystemComponent    REG_DWORD    0x1
    UninstallString    REG_EXPAND_SZ    MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    URLInfoAbout    REG_SZ
    URLUpdateInfo    REG_SZ
    VersionMajor    REG_DWORD    0x1
    VersionMinor    REG_DWORD    0x3
    WindowsInstaller    REG_DWORD    0x1
    Version    REG_DWORD    0x1030017
    Language    REG_DWORD    0x409
    DisplayName    REG_SZ    Google Update Helper
========= End of Reg: =========

========= reg export HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall C:\Users\Paweł\Desktop\uninstall.reg =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-31 15:41:32)<=
"C:\Users\Paweł\AppData\Roaming\MetaCrawler" => Directory could not move.

==== End of Fixlog ====