Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by SYSTEM at 2014-04-05 08:53:59 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lf0elc4rj.lnk
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9640320AS_5WX1411K____5WX1411K&ts=1357756836
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://isearch.avg.com/?cid={8EB66A9A-3054-428C-B4D7-D71B382594FB}&mid=346767be4fef47d0be55f1867682e3fb-ad109eed7d82129fa99f2439e66e0179dd8afcce&lang=pl&ds=xn011&pr=sa&d=2013-01-08 21:49:26&v=13.3.0.17&sap=hp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9640320AS_5WX1411K____5WX1411K&ts=1357756836
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9640320AS_5WX1411K____5WX1411K&ts=1357756836
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111007180115649&tb_oid=07-10-2011&tb_mrud=07-10-2011
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111007180115649&tb_oid=07-10-2011&tb_mrud=07-10-2011
SearchScopes: HKCU - F6EA237BD13C4538845B7F4E4C396681 URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=702eec3e00000000000020cf30660a08
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20130108&user_guid=971227D93A1C47359E4FF995780DC70E&machine_id=77713ea934c9a7c2b8cc18cd7dba0951&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541401857873905
SearchScopes: HKCU - {ECF6F383-5693-4CFB-8392-A9B1D54568E1} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=E81E811E-0CD2-4703-B6BB-00746D99C0E3&apn_sauid=6299E8C5-E1A2-43A6-8FBA-13AB34A6F5D4
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111007180115649&tb_oid=07-10-2011&tb_mrud=07-10-2011
BHO-x32: brincome browser plug-in - {71D73763-42AD-6E18-24FB-CCA9A5A8E839} - C:\Windows\SysWow64\oriuvolxbelipfbbv.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ATE_PROCMON; \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys [X]
U3 tmlwf;
U3 tmwfp;
C:\Program Files (x86)\Mozilla Firefox\extensions
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matroska Pack
C:\Users\asus\AppData\Local\Google
C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FDPRO-516" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GPUTemp" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\messenger.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
Reboot:
*****************

Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start not found.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9640320AS_5WX1411K____5WX1411K&ts=1357756836 => Error: The entry should be fixed outside recovery mode.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://isearch.avg.com/?cid={8EB66A9A-3054-428C-B4D7-D71B382594FB}&mid=346767be4fef47d0be55f1867682e3fb-ad109eed7d82129fa99f2439e66e0179dd8afcce&lang=pl&ds=xn011&pr=sa&d=2013-01-08 => Error: The entry should be fixed outside recovery mode.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL => Error: The entry should be fixed outside recovery mode.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=ST9640320AS_5WX1411K____5WX1411K&ts=1357756836 => Error: The entry should be fixed outside recovery mode.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKLM-x32 - DefaultScope => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111007180115649&tb_oid=07-10-2011&tb_mrud=07-10-2011 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - F6EA237BD13C4538845B7F4E4C396681 URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=702eec3e00000000000020cf30660a08 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20130108&user_guid=971227D93A1C47359E4FF995780DC70E&machine_id=77713ea934c9a7c2b8cc18cd7dba0951&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source} => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms} => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541401857873905 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {ECF6F383-5693-4CFB-8392-A9B1D54568E1} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=E81E811E-0CD2-4703-B6BB-00746D99C0E3&apn_sauid=6299E8C5-E1A2-43A6-8FBA-13AB34A6F5D4 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111007180115649&tb_oid=07-10-2011&tb_mrud=07-10-2011 => Error: The entry should be fixed outside recovery mode.
BHO-x32: brincome browser plug-in - {71D73763-42AD-6E18-24FB-CCA9A5A8E839} => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File => Error: The entry should be fixed outside recovery mode.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
FF HKLM-x32\...\Firefox\Extensions: => Error: The entry should be fixed outside recovery mode.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION => Error: The entry should be fixed outside recovery mode.
ATE_PROCMON => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matroska Pack => Moved successfully.
C:\Users\asus\AppData\Local\Google => Moved successfully.
"C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab" => File/Directory not found.
"C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick" => File/Directory not found.

========= reg delete HKCU\Software\Google /f =========

ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared =========

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared =========

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared =========

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared =========

========= End of Reg: =========

Reboot: => Error: The entry should be fixed outside recovery mode.

==== End of Fixlog ====