Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by Komp at 2014-02-12 16:12:58 Run:1
Running from C:\Users\Komp\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Windows\system32\dmwu.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Akamai Technologies, Inc.) C:\Users\Komp\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Komp\AppData\Local\Akamai\netsession_win.exe
() C:\Windows\System32\jmdp\stij.exe
S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [192664 2013-10-14] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1488176 2013-12-29] ()
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => File Not Found
Task: {8E222953-92EC-42A3-BCCB-CB46D13644AC} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {C6A4D2F5-FCC2-4AAF-9E1E-1440FD5C7E11} - System32\Tasks\DealPly => C:\Users\Komp\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D28556DC-EFF6-456F-8A63-649D0B8132E7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{AA35EE0E-3473-4D50-87C9-602DB24CD694}.exe
Task: {DBC5F333-204E-4152-8E91-433F39FF8443} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E52E5B70-B74A-4242-BA10-8569B8B4EB2C}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{AA35EE0E-3473-4D50-87C9-602DB24CD694}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E52E5B70-B74A-4242-BA10-8569B8B4EB2C}.exe
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-05] ()
HKU\S-1-5-21-859098361-1263673785-183622165-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-859098361-1263673785-183622165-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Komp\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-859098361-1263673785-183622165-1002\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-04] (AVG Secure Search)
HKU\S-1-5-21-859098361-1263673785-183622165-1002\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-06] (AVG Secure Search)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=AAEC00242BBC2BAE&affID=124742&tsp=5006
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idd/idd_1331913175_307373
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss_din2g&mntrId=AAEC00242BBC2BAE
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss_din2g&mntrId=AAEC00242BBC2BAE
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D9E48D74-D968-4908-B951-D6B5CCB1A47B}&mid=7a167900108f47d1bab9d16a1cb6c762-f4e729240cd3c39ba1113a30bcf0842479009110&lang=pl&ds=AVG&pr=fr&d=2012-08-30 17:44:08&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6R8SVw5xwW&loc=skw&search={searchTerms}
SearchScopes: HKCU - {FDFB19D7-C3B9-42A7-B6E7-0CC21CE6EE61} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=142EFEAF-A8EE-4C4C-9066-CB03184588BF&apn_sauid=9F88A755-789D-4DEF-88EE-0FB03C618EE7
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-12-22]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx [2013-12-22]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OpenApp\chromeaddon.crx [2013-12-22]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx [2013-12-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\lkkpokfmhdigdfdhbhokkcchljmgbnpe
C:\Program Files\mozilla firefox
C:\Users\Komp\AppData\Local\promo.exe
C:\Users\Komp\AppData\Local\Mozilla
C:\Users\Komp\AppData\Roaming\Mozilla
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
CMD: netsh advfirewall reset
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods" /f
Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71C2828F-2678-4675-BDEC-895424861262}_is1" /s
*****************

[2144] C:\Windows\system32\dmwu.exe => Process closed successfully.
[2628] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe => Process closed successfully.
[2728] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe => Process closed successfully.
[1400] C:\Users\Komp\AppData\Local\Akamai\netsession_win.exe => Process closed successfully.
[4536] C:\Users\Komp\AppData\Local\Akamai\netsession_win.exe => Process closed successfully.
C:\Users\Komp\AppData\Local\Akamai\netsession_win.exe => No running process found
[5352] C:\Windows\System32\jmdp\stij.exe => Process closed successfully.
ca82e1a5 => Service deleted successfully.
IBUpdaterService => Service deleted successfully.
"c:\\progra~1\\optimi~1\\optpro~1.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E222953-92EC-42A3-BCCB-CB46D13644AC} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E222953-92EC-42A3-BCCB-CB46D13644AC} => Error deleting key
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6A4D2F5-FCC2-4AAF-9E1E-1440FD5C7E11} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A4D2F5-FCC2-4AAF-9E1E-1440FD5C7E11} => Error deleting key
C:\Windows\System32\Tasks\DealPly => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D28556DC-EFF6-456F-8A63-649D0B8132E7} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D28556DC-EFF6-456F-8A63-649D0B8132E7} => Error deleting key
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBC5F333-204E-4152-8E91-433F39FF8443} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBC5F333-204E-4152-8E91-433F39FF8443} => Error deleting key
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Error deleting key
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
HKU\S-1-5-21-859098361-1263673785-183622165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\S-1-5-21-859098361-1263673785-183622165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value deleted successfully.
HKU\S-1-5-21-859098361-1263673785-183622165-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value deleted successfully.
HKU\S-1-5-21-859098361-1263673785-183622165-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_HP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDFB19D7-C3B9-42A7-B6E7-0CC21CE6EE61} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FDFB19D7-C3B9-42A7-B6E7-0CC21CE6EE61} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
"C:\Program Files\IB Updater\source.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif => Key deleted successfully.
"C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl => Key deleted successfully.
"C:\Program Files\OpenApp\chromeaddon.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key deleted successfully.
C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Key deleted successfully.
C:\Windows\System32\jmdp\SweetNT.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\lkkpokfmhdigdfdhbhokkcchljmgbnpe => Moved successfully.
C:\Program Files\mozilla firefox => Moved successfully.
C:\Users\Komp\AppData\Local\promo.exe => Moved successfully.
C:\Users\Komp\AppData\Local\Mozilla => Moved successfully.
"C:\Users\Komp\AppData\Roaming\Mozilla" directory move:
Could not move "C:\Users\Komp\AppData\Roaming\Mozilla" directory. => Scheduled to move on reboot.
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.

========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========

========= reg delete HKCU\Software\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\mozilla.org /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71C2828F-2678-4675-BDEC-895424861262}_is1" /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71C2828F-2678-4675-BDEC-895424861262}_is1
    Inno Setup: Setup Version    REG_SZ    5.2.3
    Inno Setup: App Path    REG_SZ    C:\Program Files\Acer GameZone\GameConsole
    InstallLocation    REG_SZ    C:\Program Files\Acer GameZone\GameConsole\
    Inno Setup: Icon Group    REG_SZ    Acer GameZone
    Inno Setup: User    REG_SZ    Administrator
    Inno Setup: Selected Tasks    REG_SZ    desktopicon
    Inno Setup: Deselected Tasks    REG_SZ
    DisplayName    REG_SZ    C:\Program Files\Acer GameZone\GameConsole
    DisplayIcon    REG_SZ    C:\Program Files\Acer GameZone\GameConsole\partner_icon_256-256.ico
    UninstallString    REG_SZ    "C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
    QuietUninstallString    REG_SZ    "C:\Program Files\Acer GameZone\GameConsole\unins000.exe" /SILENT
    DisplayVersion    REG_SZ    2.0.1.4
    Publisher    REG_SZ    Oberon Media, Inc.
    URLInfoAbout    REG_SZ    http://Acer.oberon-media.com
    HelpLink    REG_SZ    http://Acer.oberon-media.com
    URLUpdateInfo    REG_SZ    http://Acer.oberon-media.com
    NoModify    REG_DWORD    0x1
    NoRepair    REG_DWORD    0x1
    InstallDate    REG_SZ    20090205
========= End of Reg: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-12 16:17:18)<=
C:\Users\Komp\AppData\Roaming\Mozilla => Moved successfully.

==== End of Fixlog ====