Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Dominik at 2014-04-24 23:52:08 Run:1
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [cfmfcdlgkegoblkmhfbglnmemlkngapa] - C:\Users\Dominik\AppData\Local\Temp\Vuze_Toolbar.crx [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Dominik\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom16.crx [2014-04-15]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
BHO-x32: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {1241F20B-0688-45A5-ADB2-208AFE4A5DDC}
HKU\S-1-5-21-3208515226-2010266281-175035788-1001\...\Run: [] => [X]
Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Passthru; system32\DRIVERS\PPFlt.sys [X]
S3 SliceDisk5; \??\C:\Users\Dominik\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\Mozilla Firefox\extensions
C:\Program Files (x86)\mozilla firefox\plugins
C:\Program Files (x86)\fbphotozoom
C:\Program Files (x86)\WinToFlash Suggestor
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODEON
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinGrub
C:\Users\Dominik\AppData\Local\RewardsArcade
C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
C:\Users\Dominik\Desktop\Dokumenty pod ręką\Pendrive 7.11.2012\OLT raporty\Skrót do OTL.Txt.lnk
C:\Users\Dominik\Downloads\SpyHunter-Installer.exe
C:\Users\Gość\Desktop\*.lnk
C:\Users\Gość\Desktop\*.txt
C:\Users\Gość\Downloads\*.exe
C:\Users\UpdatusUser\Desktop\*.lnk
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
CMD: netsh advfirewall reset
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlazeServoTool" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RSS Alert" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spybot-S&D Cleaning" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yontoo Desktop" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf => Key deleted successfully.
"C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cfmfcdlgkegoblkmhfbglnmemlkngapa => Key deleted successfully.
"C:\Users\Dominik\AppData\Local\Temp\Vuze_Toolbar.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh => Key deleted successfully.
"C:\Users\Dominik\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid => Key deleted successfully.
"C:\Program Files (x86)\fbphotozoom\fbphotozoom16.crx" => File/Directory not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => Key deleted successfully.
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{1241F20B-0688-45A5-ADB2-208AFE4A5DDC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1241F20B-0688-45A5-ADB2-208AFE4A5DDC} => Key deleted successfully.
HKU\S-1-5-21-3208515226-2010266281-175035788-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk => Moved successfully.
catchme => Service deleted successfully.
Passthru => Service deleted successfully.
SliceDisk5 => Service deleted successfully.
usbbus => Service deleted successfully.
UsbDiag => Service deleted successfully.
USBModem => Service deleted successfully.
vserial => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully.
"C:\Program Files (x86)\fbphotozoom" => File/Directory not found.
"C:\Program Files (x86)\WinToFlash Suggestor" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODEON => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinGrub => Moved successfully.
"C:\Users\Dominik\AppData\Local\RewardsArcade" => File/Directory not found.
C:\Users\Dominik\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com => Moved successfully.
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line => Moved successfully.
C:\Users\Dominik\Desktop\Dokumenty pod ręką\Pendrive 7.11.2012\OLT raporty\Skrót do OTL.Txt.lnk => Moved successfully.
C:\Users\Dominik\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Users\Gość\Desktop\*.lnk => Moved successfully.
C:\Users\Gość\Desktop\*.txt => Moved successfully.
C:\Users\Gość\Downloads\*.exe => Moved successfully.
C:\Users\UpdatusUser\Desktop\*.lnk => Moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.

========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlazeServoTool" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RSS Alert" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spybot-S&D Cleaning" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yontoo Desktop" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

==== End of Fixlog ====