Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014 Ran by Sebastian at 2014-01-04 12:35:19 Run:1 Running from C:\Users\Sebastian\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Sebastian\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid bda85299695a47d09d231151c360fa1b-fdaed4ae3b97f77631e271f5486e6f941e1032df --CMPID 0913b HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Sebastian\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKCU\...\Run: [Anti Trojan Elite] - C:\Program Files (x86)\Anti Trojan Elite\TJEnder.exe :NO AppInit_DLLs-x32: c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll [ ] () HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST9500325AS_5VET7NC8XXXX5VET7NC8®=1360337131 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C040294F-942B-4AD0-B469-08D0B905FE65} URL = http://www.idg.pl?q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=98127EDDA7B7DB64&affID=119357&tsp=4945 SearchScopes: HKCU - {80C08925-617B-4308-8945-3F968166E56D} URL = http://searchab.com/?aff=7&uid=ab89367a-5f29-11e2-8453-d4bed93d5b59&q={searchTerms} SearchScopes: HKCU - {C040294F-942B-4AD0-B469-08D0B905FE65} URL = http://www.idg.pl?q={searchTerms} Task: {3C31B86C-3E24-4F05-A42A-0B6A5B7B15CE} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {86970B80-937F-44A3-A483-A712BDC619EA} - System32\Tasks\{38E89C76-FCCD-4F15-9D40-EE0D5B4C6A0B} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsBing Task: {92D2DB00-5187-47B2-81E4-8A2A5C5E7F3D} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert Task: {C48FBE9C-35D5-49DC-BCDE-5FF6E0D98C38} - System32\Tasks\{62FB3D1D-1043-469A-8247-ECCA0D04F3AE} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar Task: {EB232EC9-F95F-4209-A8C8-4C5840262B63} - System32\Tasks\EPUpdater => C:\Users\SEBAST~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: {FA5F0F6D-F43C-4187-A986-2602EB1E57CF} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [x] S2 ATE_PROCMON; \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys [x] S3 cpuz136; \??\C:\Users\SEBAST~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x] C:\Program Files (x86)\Mobogenie C:\Program Files (x86)\Trojan Remover C:\ProgramData\Licenses C:\ProgramData\Simply Super Software C:\Users\Sebastian\.android C:\Users\Sebastian\daemonprocess.txt C:\Users\Sebastian\AppData\Local\cache C:\Users\Sebastian\AppData\Local\genienext C:\Users\Sebastian\AppData\Local\Mobogenie C:\Users\Sebastian\AppData\Roaming\newnext.me C:\Users\Sebastian\Documents\Mobogenie C:\Users\Sebastian\Downloads\Anti-Trojan Shield 2_isdmgr.exe C:\Users\Sebastian\Downloads\HijackThis(12030).exe C:\Users\Sebastian\Downloads\RegRun Reanimator 6.9.7.99_isdmgr.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Anti Trojan Elite => Value deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80C08925-617B-4308-8945-3F968166E56D} => Key deleted successfully. HKCR\CLSID\{80C08925-617B-4308-8945-3F968166E56D} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C040294F-942B-4AD0-B469-08D0B905FE65} => Key deleted successfully. HKCR\CLSID\{C040294F-942B-4AD0-B469-08D0B905FE65} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C31B86C-3E24-4F05-A42A-0B6A5B7B15CE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C31B86C-3E24-4F05-A42A-0B6A5B7B15CE} => Key deleted successfully. C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86970B80-937F-44A3-A483-A712BDC619EA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86970B80-937F-44A3-A483-A712BDC619EA} => Key deleted successfully. C:\Windows\System32\Tasks\{38E89C76-FCCD-4F15-9D40-EE0D5B4C6A0B} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{38E89C76-FCCD-4F15-9D40-EE0D5B4C6A0B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D2DB00-5187-47B2-81E4-8A2A5C5E7F3D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D2DB00-5187-47B2-81E4-8A2A5C5E7F3D} => Key deleted successfully. C:\Windows\System32\Tasks\BrowserDefendert => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48FBE9C-35D5-49DC-BCDE-5FF6E0D98C38} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48FBE9C-35D5-49DC-BCDE-5FF6E0D98C38} => Key deleted successfully. C:\Windows\System32\Tasks\{62FB3D1D-1043-469A-8247-ECCA0D04F3AE} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62FB3D1D-1043-469A-8247-ECCA0D04F3AE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB232EC9-F95F-4209-A8C8-4C5840262B63} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB232EC9-F95F-4209-A8C8-4C5840262B63} => Key deleted successfully. C:\Windows\System32\Tasks\EPUpdater => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA5F0F6D-F43C-4187-A986-2602EB1E57CF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5F0F6D-F43C-4187-A986-2602EB1E57CF} => Key deleted successfully. C:\Windows\System32\Tasks\RunAsStdUser => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser => Key deleted successfully. C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => Moved successfully. Update Jump Flip => Service deleted successfully. ATE_PROCMON => Service deleted successfully. cpuz136 => Service deleted successfully. C:\Program Files (x86)\Mobogenie => Moved successfully. C:\Program Files (x86)\Trojan Remover => Moved successfully. C:\ProgramData\Licenses => Moved successfully. C:\ProgramData\Simply Super Software => Moved successfully. C:\Users\Sebastian\.android => Moved successfully. C:\Users\Sebastian\daemonprocess.txt => Moved successfully. C:\Users\Sebastian\AppData\Local\cache => Moved successfully. C:\Users\Sebastian\AppData\Local\genienext => Moved successfully. C:\Users\Sebastian\AppData\Local\Mobogenie => Moved successfully. C:\Users\Sebastian\AppData\Roaming\newnext.me => Moved successfully. C:\Users\Sebastian\Documents\Mobogenie => Moved successfully. "C:\Users\Sebastian\Downloads\Anti-Trojan Shield 2_isdmgr.exe" => File/Directory not found. "C:\Users\Sebastian\Downloads\HijackThis(12030).exe" => File/Directory not found. "C:\Users\Sebastian\Downloads\RegRun Reanimator 6.9.7.99_isdmgr.exe" => File/Directory not found. ==== End of Fixlog ====