Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 03 Ran by Anna at 2014-06-10 15:39:50 Run:1 Running from C:\Users\Anna\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 WebUpdater; "C:\Program Files\BrowseFox\updater.exe" [X] S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [X] S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X] HKU\S-1-5-21-2789141661-186915839-826018185-1000\...\Run: [] => [X] HKU\S-1-5-21-2789141661-186915839-826018185-1000\...\Run: [Web Desktop] => C:\Users\Anna\AppData\Roaming\BrowseFox\desktop.exe HKU\S-1-5-21-2789141661-186915839-826018185-1000\...\Run: [Skrybot] => [X] Task: {36D4B2D7-60BD-45FF-A4AF-858AACD428C0} - System32\Tasks\{F3717652-E33F-4988-96E4-FA06EEFDC2E3} => C:\Program Files\Game Cam V2\GameCamV2.exe Task: {547AC895-3794-4BFE-BD65-FF22BA629813} - System32\Tasks\{BF5D59F3-7501-439A-860C-F667E2375C3E} => C:\Program Files\Game Cam V2\GameCamV2.exe Task: {6FC442BC-B181-4664-9000-C4DE7C3AEC0B} - System32\Tasks\{464723AC-E4A3-4A0A-8160-FA27FC256198} => C:\Program Files\Game Cam V2\GameCamV2.exe Task: {A1DEBB2D-4983-4E07-AE9F-A26F3A2F2246} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION Task: {AF55B778-4CE0-408C-B185-2112E746E6DB} - System32\Tasks\{FE681289-5821-46DB-B03C-02839512AFAE} => C:\Program Files\Game Cam V2\GameCamV2.exe Task: {CC255152-E774-46D0-B244-CE174553B088} - System32\Tasks\OptimizerProUpdaterTask{71A846ED-C1AB-4E72-A4F3-E51D59887BE7} => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe <==== ATTENTION Task: C:\windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ CHR Extension: (No Name) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\phdibklhohedacdhcfaojcfbcmlaaihf [2014-04-27] CHR HKLM\...\Chrome\Extension: [chjmbacfdkjmndiemcnknpfdmajjgnia] - C:\ProgramData\Browse2save\chjmbacfdkjmndiemcnknpfdmajjgnia.crx [2014-02-22] C:\ProgramData\xgneqrwu.hrx C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\profiles\extensions C:\Users\Anna\Downloads\AdBlock_dla_Chrome_Sciagnij.pl.exe C:\Users\Anna\Downloads\FlashPlayersetup__2583_i794794742_il4.exe C:\windows\system32\sqlite3.dll Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0C02} /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f CMD: type "C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\profiles.ini" ***************** WebUpdater => Service deleted successfully. EagleXNt => Service deleted successfully. XFDriver => Service deleted successfully. HKU\S-1-5-21-2789141661-186915839-826018185-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-2789141661-186915839-826018185-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Desktop => value deleted successfully. HKU\S-1-5-21-2789141661-186915839-826018185-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skrybot => value deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36D4B2D7-60BD-45FF-A4AF-858AACD428C0}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36D4B2D7-60BD-45FF-A4AF-858AACD428C0}' => Key deleted successfully. C:\Windows\System32\Tasks\{F3717652-E33F-4988-96E4-FA06EEFDC2E3} => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3717652-E33F-4988-96E4-FA06EEFDC2E3}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{547AC895-3794-4BFE-BD65-FF22BA629813}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{547AC895-3794-4BFE-BD65-FF22BA629813}' => Key deleted successfully. C:\Windows\System32\Tasks\{BF5D59F3-7501-439A-860C-F667E2375C3E} => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF5D59F3-7501-439A-860C-F667E2375C3E}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FC442BC-B181-4664-9000-C4DE7C3AEC0B}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC442BC-B181-4664-9000-C4DE7C3AEC0B}' => Key deleted successfully. C:\Windows\System32\Tasks\{464723AC-E4A3-4A0A-8160-FA27FC256198} => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{464723AC-E4A3-4A0A-8160-FA27FC256198}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1DEBB2D-4983-4E07-AE9F-A26F3A2F2246}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1DEBB2D-4983-4E07-AE9F-A26F3A2F2246}' => Key deleted successfully. C:\Windows\System32\Tasks\schedule!3036567561 => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!3036567561' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF55B778-4CE0-408C-B185-2112E746E6DB}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF55B778-4CE0-408C-B185-2112E746E6DB}' => Key deleted successfully. C:\Windows\System32\Tasks\{FE681289-5821-46DB-B03C-02839512AFAE} => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE681289-5821-46DB-B03C-02839512AFAE}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC255152-E774-46D0-B244-CE174553B088}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC255152-E774-46D0-B244-CE174553B088}' => Key deleted successfully. C:\Windows\System32\Tasks\OptimizerProUpdaterTask{71A846ED-C1AB-4E72-A4F3-E51D59887BE7} => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OptimizerProUpdaterTask{71A846ED-C1AB-4E72-A4F3-E51D59887BE7}' => Key deleted successfully. C:\windows\Tasks\schedule!3036567561.job => Moved successfully. 'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc' => Key deleted successfully. 'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS' => Key deleted successfully. 'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc' => Key deleted successfully. 'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS' => Key deleted successfully. 'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService' => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found. HKCU\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully. C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\phdibklhohedacdhcfaojcfbcmlaaihf => Moved successfully. 'HKLM\SOFTWARE\Google\Chrome\Extensions\chjmbacfdkjmndiemcnknpfdmajjgnia' => Key deleted successfully. "C:\ProgramData\Browse2save\chjmbacfdkjmndiemcnknpfdmajjgnia.crx" => File/Directory not found. C:\ProgramData\xgneqrwu.hrx => Moved successfully. C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\profiles\extensions => Moved successfully. C:\Users\Anna\Downloads\AdBlock_dla_Chrome_Sciagnij.pl.exe => Moved successfully. C:\Users\Anna\Downloads\FlashPlayersetup__2583_i794794742_il4.exe => Moved successfully. C:\windows\system32\sqlite3.dll => Moved successfully. ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0C02} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= type "C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\profiles.ini" ========= [General] StartWithLastProfile=1 [Profile0] Name=default IsRelative=1 Path=Profiles/qz6kvih3.default ========= End of CMD: ========= ==== End of Fixlog ====