Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Tomasz at 2014-03-17 19:32:20 Run:1 Running from C:\Users\Tomasz\Desktop\Download Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [ComodoFSFirefox] - "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /f HKLM-x32\...\Run: [PrivDogService] - "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe" StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll No File BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll No File Task: {1B2486DA-FF8C-490B-9654-882ECCCD545E} - System32\Tasks\{748FA843-EF89-4E77-A92D-8FFCBE667ABA} => E:\BESTplayer.exe Task: {1B92D797-2603-4B8C-BD59-4118A62B042C} - System32\Tasks\{BA03EC2B-B7C6-4B99-A3A8-4FE5AFE3EE19} => Firefox.exe Task: {250A2ECA-7AF5-4090-8D5D-B7ED270F3CCB} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {27A615FA-779A-4295-B9F9-0F6105D235FD} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {528CB868-74F9-446C-9D09-DD5A043EEB7F} - System32\Tasks\{579E6AE7-28A3-443A-9CCC-2C48AF66C646} => E:\Bejeweled 3 Instalacja (PeÅ‚na Wersja).exe Task: {B00D254E-2FE4-4CCE-A611-CA2D8E0787F1} - System32\Tasks\{E38633A8-DA44-4647-AAF7-56F5C8436616} => E:\BESTplayer.exe Task: {E9CEE61E-C393-4D8B-9437-61D6EF6B2B5E} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] C:\user.js C:\Users\Tomasz\AppData\Local\AdTrustMedia C:\Users\Tomasz\AppData\Roaming\systweak C:\Windows\system32\roboot64.exe Reg: reg query HKLM\SOFTWARE\Microsoft\Rpc\Internet Reg: reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Rpc\Internet Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: rd /s /q C:\ProgramData\Kaspersky Lab CMD: rd /s /q "C:\Users\Tomasz\Doctor Web" CMD: rd /s /q "C:\Users\Tomasz\Desktop\Stare dane programu Firefox" ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ComodoFSFirefox => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PrivDogService => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully. HKCR\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B2486DA-FF8C-490B-9654-882ECCCD545E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2486DA-FF8C-490B-9654-882ECCCD545E} => Key deleted successfully. C:\Windows\System32\Tasks\{748FA843-EF89-4E77-A92D-8FFCBE667ABA} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{748FA843-EF89-4E77-A92D-8FFCBE667ABA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B92D797-2603-4B8C-BD59-4118A62B042C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B92D797-2603-4B8C-BD59-4118A62B042C} => Key deleted successfully. C:\Windows\System32\Tasks\{BA03EC2B-B7C6-4B99-A3A8-4FE5AFE3EE19} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BA03EC2B-B7C6-4B99-A3A8-4FE5AFE3EE19} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{250A2ECA-7AF5-4090-8D5D-B7ED270F3CCB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{250A2ECA-7AF5-4090-8D5D-B7ED270F3CCB} => Key deleted successfully. C:\Windows\System32\Tasks\RegClean Pro => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27A615FA-779A-4295-B9F9-0F6105D235FD} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A615FA-779A-4295-B9F9-0F6105D235FD} => Key deleted successfully. C:\Windows\System32\Tasks\RegClean Pro_DEFAULT => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{528CB868-74F9-446C-9D09-DD5A043EEB7F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{528CB868-74F9-446C-9D09-DD5A043EEB7F} => Key deleted successfully. C:\Windows\System32\Tasks\{579E6AE7-28A3-443A-9CCC-2C48AF66C646} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{579E6AE7-28A3-443A-9CCC-2C48AF66C646} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B00D254E-2FE4-4CCE-A611-CA2D8E0787F1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B00D254E-2FE4-4CCE-A611-CA2D8E0787F1} => Key deleted successfully. C:\Windows\System32\Tasks\{E38633A8-DA44-4647-AAF7-56F5C8436616} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E38633A8-DA44-4647-AAF7-56F5C8436616} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9CEE61E-C393-4D8B-9437-61D6EF6B2B5E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9CEE61E-C393-4D8B-9437-61D6EF6B2B5E} => Key deleted successfully. C:\Windows\System32\Tasks\RegClean Pro_UPDATES => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully. C:\Windows\Tasks\RegClean Pro_DEFAULT.job => Moved successfully. C:\Windows\Tasks\RegClean Pro_UPDATES.job => Moved successfully. ewusbmbb => Service deleted successfully. huawei_enumerator => Service deleted successfully. hwdatacard => Service deleted successfully. C:\user.js => Moved successfully. C:\Users\Tomasz\AppData\Local\AdTrustMedia => Moved successfully. C:\Users\Tomasz\AppData\Roaming\systweak => Moved successfully. C:\Windows\system32\roboot64.exe => Moved successfully. ========= reg query HKLM\SOFTWARE\Microsoft\Rpc\Internet ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet UseInternetPorts REG_SZ N ========= End of Reg: ========= ========= reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Rpc\Internet ========= HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Rpc\Internet UseInternetPorts REG_SZ N ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= rd /s /q C:\ProgramData\Kaspersky Lab ========= Nie mo¾na odnale«† okre˜lonego pliku. Nie mo¾na odnale«† okre˜lonego pliku. ========= End of CMD: ========= ========= rd /s /q "C:\Users\Tomasz\Doctor Web" ========= ========= End of CMD: ========= ========= rd /s /q "C:\Users\Tomasz\Desktop\Stare dane programu Firefox" ========= ========= End of CMD: ========= ==== End of Fixlog ====