Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014 Ran by Home at 2014-04-20 17:32:45 Run:1 Running from C:\Users\Home\Desktop\Nowy folder Boot Mode: Normal ============================================== Content of fixlist: ***************** (Microsoft Corporation) C:\Windows\System32\schtasks.exe Task: {11DF423B-195C-422A-9093-DE396AED4C2B} - System32\Tasks\Origin => C:\Users\Home\AppData\Roaming\Origin\update.vbe [2014-04-19] () C:\Users\Home\AppData\Roaming\Origin\update.vbe Task: {22AD39C0-0EA7-4B85-88C7-656971798872} - System32\Tasks\{16D90E72-E3CC-4978-9177-528720F02286} => Firefox.exe Task: {301DC9C7-4E34-42D3-A173-2E6E94B143AE} - System32\Tasks\{1CC3E440-AB3D-4D1B-A010-31A362009A1E} => Firefox.exe Task: {34214B7F-7D9B-498C-88FC-FBCE1A937471} - System32\Tasks\{58684411-9F9C-415E-B564-EE9A2279A4DE} => C:\Program Files (x86)\Paradox Entertainment\Europa Universalis 2\eu2.exe Task: {4EB544A6-7491-4DFF-9898-4BFBDB9EE417} - System32\Tasks\{EFD71E7E-5988-4419-AF5C-CEC87BB2036B} => C:\Program Files (x86)\Paradox Entertainment\Europa Universalis 2\eu2.exe Task: {5F5A6A04-ED1F-4D57-A73C-6CD2565D8243} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{F5706F11-13D3-4AEC-836B-AC8DCD61B622}.exe Task: {60B5480E-DA1E-48A6-B411-08E10ED733E2} - \Lyrics-Pal Update ATTENTION ====> No Task File Task: {7FBFC6B9-5F1A-4F73-9D1B-0FD987054B04} - System32\Tasks\{8A8DA3FF-9663-49B3-98CB-C11336DD3024} => C:\Program Files (x86)\Paradox Interactive\Europa Universalis III\eu3game.exe Task: {A89BD689-3FFC-4EA8-A7D8-DD03ACABD454} - System32\Tasks\{4048D3C9-4152-41A6-B2C7-2771BC814329} => C:\Users\Home\Desktop\gry\eu3\europa-universalis-ii\europa_universalis_2_pl.exe Task: {AE56D21E-C6C8-40FA-80FA-8C09FD6A6B51} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{4938B1E5-F8D5-40DA-B7F7-B894BEC0D0CF}.exe Task: {AFB9F69A-50A5-4ED0-9ED4-0709AC62933C} - System32\Tasks\{1F0DDFB8-518F-4D6D-AE6A-37794063DD55} => C:\Users\Home\Desktop\gry\eu3\europa-universalis-ii\europa_universalis_2_pl.exe Task: {E2C9A604-1190-4A96-A210-64FC35829DD5} - System32\Tasks\{183FBC08-7001-419D-A9BF-7D4CEE01C641} => Firefox.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{4938B1E5-F8D5-40DA-B7F7-B894BEC0D0CF}.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F5706F11-13D3-4AEC-836B-AC8DCD61B622}.exe HKU\S-1-5-21-16812642-1322023513-2853015389-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-16812642-1322023513-2853015389-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\S-1-5-21-16812642-1322023513-2853015389-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {F93BE1B7-B6FA-484F-B34A-8065CE5DD299} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYPL&apn_uid=95074a72-a7ea-481c-aad4-620db54bea50&apn_sauid=026F7890-700C-4BB3-9702-E2E293A9C47D Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF HKCU\...\Firefox\Extensions: [{8f5010e2-9577-4aed-ad42-f2098ea15def}] - C:\Program Files (x86)\LyricsPal\133.xpi S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reboot: ***************** [1924] C:\Windows\System32\schtasks.exe => Process closed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11DF423B-195C-422A-9093-DE396AED4C2B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11DF423B-195C-422A-9093-DE396AED4C2B} => Key deleted successfully. C:\Windows\System32\Tasks\Origin => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin => Key deleted successfully. C:\Users\Home\AppData\Roaming\Origin\update.vbe => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22AD39C0-0EA7-4B85-88C7-656971798872} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22AD39C0-0EA7-4B85-88C7-656971798872} => Key deleted successfully. C:\Windows\System32\Tasks\{16D90E72-E3CC-4978-9177-528720F02286} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{16D90E72-E3CC-4978-9177-528720F02286} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{301DC9C7-4E34-42D3-A173-2E6E94B143AE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301DC9C7-4E34-42D3-A173-2E6E94B143AE} => Key deleted successfully. C:\Windows\System32\Tasks\{1CC3E440-AB3D-4D1B-A010-31A362009A1E} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CC3E440-AB3D-4D1B-A010-31A362009A1E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34214B7F-7D9B-498C-88FC-FBCE1A937471} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34214B7F-7D9B-498C-88FC-FBCE1A937471} => Key deleted successfully. C:\Windows\System32\Tasks\{58684411-9F9C-415E-B564-EE9A2279A4DE} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58684411-9F9C-415E-B564-EE9A2279A4DE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EB544A6-7491-4DFF-9898-4BFBDB9EE417} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB544A6-7491-4DFF-9898-4BFBDB9EE417} => Key deleted successfully. C:\Windows\System32\Tasks\{EFD71E7E-5988-4419-AF5C-CEC87BB2036B} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EFD71E7E-5988-4419-AF5C-CEC87BB2036B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F5A6A04-ED1F-4D57-A73C-6CD2565D8243} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5A6A04-ED1F-4D57-A73C-6CD2565D8243} => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60B5480E-DA1E-48A6-B411-08E10ED733E2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60B5480E-DA1E-48A6-B411-08E10ED733E2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lyrics-Pal Update ATTENTION ====> => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FBFC6B9-5F1A-4F73-9D1B-0FD987054B04} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FBFC6B9-5F1A-4F73-9D1B-0FD987054B04} => Key deleted successfully. C:\Windows\System32\Tasks\{8A8DA3FF-9663-49B3-98CB-C11336DD3024} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A8DA3FF-9663-49B3-98CB-C11336DD3024} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A89BD689-3FFC-4EA8-A7D8-DD03ACABD454} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A89BD689-3FFC-4EA8-A7D8-DD03ACABD454} => Key deleted successfully. C:\Windows\System32\Tasks\{4048D3C9-4152-41A6-B2C7-2771BC814329} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4048D3C9-4152-41A6-B2C7-2771BC814329} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE56D21E-C6C8-40FA-80FA-8C09FD6A6B51} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE56D21E-C6C8-40FA-80FA-8C09FD6A6B51} => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFB9F69A-50A5-4ED0-9ED4-0709AC62933C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFB9F69A-50A5-4ED0-9ED4-0709AC62933C} => Key deleted successfully. C:\Windows\System32\Tasks\{1F0DDFB8-518F-4D6D-AE6A-37794063DD55} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1F0DDFB8-518F-4D6D-AE6A-37794063DD55} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2C9A604-1190-4A96-A210-64FC35829DD5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C9A604-1190-4A96-A210-64FC35829DD5} => Key deleted successfully. C:\Windows\System32\Tasks\{183FBC08-7001-419D-A9BF-7D4CEE01C641} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{183FBC08-7001-419D-A9BF-7D4CEE01C641} => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. HKU\S-1-5-21-16812642-1322023513-2853015389-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully. HKU\S-1-5-21-16812642-1322023513-2853015389-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value deleted successfully. HKU\S-1-5-21-16812642-1322023513-2853015389-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_HP => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F93BE1B7-B6FA-484F-B34A-8065CE5DD299} => Key deleted successfully. HKCR\CLSID\{F93BE1B7-B6FA-484F-B34A-8065CE5DD299} => Key deleted successfully. HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully. HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully. HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key deleted successfully. HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully. C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found. HKCU\Software\Mozilla\Firefox\Extensions\\{8f5010e2-9577-4aed-ad42-f2098ea15def} => Value deleted successfully. catchme => Service deleted successfully. EagleX64 => Service deleted successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====