Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by The Rockabilly Moose (2015-07-29 16:32:47) Run:1
Running from C:\Users\The Rockabilly Moose\Downloads
Loaded Profiles: The Rockabilly Moose (Available Profiles: The Rockabilly Moose)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Task: {5E537F20-43BD-4F71-9C46-93D93FD24EDE} - System32\Tasks\{0F60C72B-58AB-4C06-8D30-6A6888DCB1A1} => pcalua.exe -a J:\Dane\PROGRAMY\MUZYCZNE\APGuitarSetup.exe -d J:\Dane\PROGRAMY\MUZYCZNE
Task: {632EB613-3079-44A5-864A-1F83D5A1387F} - System32\Tasks\{F61A924F-0FC7-458C-8194-708343B96724} => pcalua.exe -a "C:\Users\The Rockabilly Moose\Downloads\Enhancer.exe" -d "C:\Users\The Rockabilly Moose\Downloads"
2015-07-28 08:31 - 2015-07-28 08:31 - 00161792 _____ () C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\hnsa7A73.tmp
2015-07-29 12:41 - 2015-07-29 12:41 - 00345600 _____ () C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\knsu9B6F.tmp
C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227
HKLM-x32\...\Run: [EfficientStickyNotes] => [X]
HKLM-x32\...\Run: [mbot_pl_014010043] => [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\...\Run: [GoogleChromeAutoLaunch_F8A0231A41B14F94484E7E1578951AB8] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...E608N5573055730
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...E608N5573055730
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartse...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...E608N5573055730
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...E608N5573055730
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartse...q={searchTerms}
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartse...q={searchTerms}
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartse...E608N5573055730
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartse...E608N5573055730
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1747537892-628935095-3018465868-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1747537892-628935095-3018465868-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartse...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1747537892-628935095-3018465868-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartse...q={searchTerms}
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll No File
C:\Program Files (x86)\MiuiTab
startMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartse...E608N5573055730
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Extension: Default SearchProtected - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\defsearchp@gmail.com [2015-07-29]
FF Extension: Video DownloadHelper - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-07-28]
FF Extension: DownThemAll! - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-28]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\extensions\defsearchp@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartse...E608N5573055730
OPR Extension: (CinemaPlus-4.5vV27.07) - C:\Users\The Rockabilly Moose\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-07-28]
OPR Extension: (No Name) - C:\Users\The Rockabilly Moose\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-28]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.mystartse...E608N5573055730
R2 comyninu; C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\hnsa7A73.tmp [161792 2015-07-28] () [File not signed]
R2 nudohidu; C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\knsu9B6F.tmp [345600 2015-07-29] () [File not signed]
S2 Update Dynamo Combo; "C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe" [X]
C:\Users\The Rockabilly Moose\AppData\Roaming\AnyProtectEx
2015-07-29 15:41 - 2015-07-29 15:41 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-07-29 15:41 - 2015-07-29 15:40 - 00613255 _____ (CMI Limited) C:\Users\The Rockabilly Moose\AppData\Local\nsh33CE.tmp
2015-07-29 15:40 - 2015-07-29 15:46 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-07-29 15:40 - 2015-07-29 15:40 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-28 10:30 - 2015-07-28 10:30 - 00613255 _____ (CMI Limited) C:\Users\The Rockabilly Moose\AppData\Local\nsdE0A3.tmp
2015-07-28 09:08 - 2015-07-28 09:08 - 00613255 _____ (CMI Limited) C:\Users\The Rockabilly Moose\AppData\Local\nsuB7A6.tmp
2015-07-28 08:57 - 2015-07-29 12:38 - 00000000 ____D C:\Users\The Rockabilly Moose\AppData\Local\7399
2015-07-28 08:45 - 2015-07-28 08:45 - 00000000 ____D C:\Program Files (x86)\c3245dd2-5e29-4a85-a04d-d24e48769739
2015-07-28 08:39 - 2015-07-28 08:40 - 00000000 ____D C:\Program Files (x86)\887c491c-b997-4e7e-ac62-99d8e86cf666
2015-07-28 08:33 - 2015-07-28 08:41 - 00000000 ____D C:\Program Files (x86)\354462ee-269d-432d-9b92-6c9970c7e435
2015-07-28 08:33 - 2015-07-28 08:39 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-28 08:33 - 2015-07-28 08:33 - 00000000 ____D C:\Program Files (x86)\1e93562c-0387-45ed-b3c5-6611b6eb80f1
2015-07-28 08:31 - 2015-07-29 13:12 - 00000000 ____D C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227
C:\Windows\Minidump\*.dmp
EmptyTemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E537F20-43BD-4F71-9C46-93D93FD24EDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E537F20-43BD-4F71-9C46-93D93FD24EDE}" => key removed successfully
C:\Windows\System32\Tasks\{0F60C72B-58AB-4C06-8D30-6A6888DCB1A1} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F60C72B-58AB-4C06-8D30-6A6888DCB1A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{632EB613-3079-44A5-864A-1F83D5A1387F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{632EB613-3079-44A5-864A-1F83D5A1387F}" => key removed successfully
C:\Windows\System32\Tasks\{F61A924F-0FC7-458C-8194-708343B96724} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F61A924F-0FC7-458C-8194-708343B96724}" => key removed successfully
C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\hnsa7A73.tmp => moved successfully.
C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227\knsu9B6F.tmp => moved successfully.
C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227 => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EfficientStickyNotes => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_pl_014010043 => value removed successfully
========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F8A0231A41B14F94484E7E1578951AB8 => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.
HKU\S-1-5-21-1747537892-628935095-3018465868-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} => key not found.
HKCR\Wow6432Node\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} => key not found.
"C:\Program Files (x86)\MiuiTab" => File/Folder not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox newtab removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\defsearchp@gmail.com not found.
C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully.
C:\Users\The Rockabilly Moose\AppData\Roaming\Mozilla\Firefox\Profiles\jhfg7jud.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi => moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
C:\Users\The Rockabilly Moose\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj => moved successfully.
C:\Users\The Rockabilly Moose\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc => moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => value restored successfully
comyninu => Service stopped successfully.
comyninu => service removed successfully
nudohidu => Service stopped successfully.
nudohidu => service removed successfully
Update Dynamo Combo => service removed successfully
"C:\Users\The Rockabilly Moose\AppData\Roaming\AnyProtectEx" => File/Folder not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Folder not found.
C:\Users\The Rockabilly Moose\AppData\Local\nsh33CE.tmp => moved successfully.
"C:\Program Files (x86)\MiuiTab" => File/Folder not found.
"C:\Program Files (x86)\FriendlyError" => File/Folder not found.
C:\Users\The Rockabilly Moose\AppData\Local\nsdE0A3.tmp => moved successfully.
C:\Users\The Rockabilly Moose\AppData\Local\nsuB7A6.tmp => moved successfully.
C:\Users\The Rockabilly Moose\AppData\Local\7399 => moved successfully.
C:\Program Files (x86)\c3245dd2-5e29-4a85-a04d-d24e48769739 => moved successfully.
C:\Program Files (x86)\887c491c-b997-4e7e-ac62-99d8e86cf666 => moved successfully.
C:\Program Files (x86)\354462ee-269d-432d-9b92-6c9970c7e435 => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Program Files (x86)\1e93562c-0387-45ed-b3c5-6611b6eb80f1 => moved successfully.
"C:\Program Files (x86)\38464E43-1438065064-5131-364D-001E68BF5227" => File/Folder not found.
C:\Windows\Minidump\*.dmp => moved successfully.
EmptyTemp: => 4.8 GB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 16:35:07 ====