Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-05-2015 Ran by Mirek at 2015-05-05 13:32:13 Run:2 Running from C:\Users\Mirek\Desktop Loaded Profiles: Mirek (Available profiles: Mirek) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = SearchScopes: HKU\S-1-5-21-3906198643-2151299363-1251718266-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3906198643-2151299363-1251718266-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3906198643-2151299363-1251718266-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = BBHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File Task: {3042C6F7-C81A-4884-A358-8CD65D7D7150} - System32\Tasks\{7A25796B-3F1D-46AD-A4E0-393211C6BFBB} => pcalua.exe -a "D:\Program Files\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all Task: {6C0CE21F-A52A-47B0-A420-503871E63598} - System32\Tasks\{02E8244A-4E0F-412A-92DA-EBCD1507EB4F} => pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647" Task: {8DBFA5C8-E8CA-4ECB-8C29-125C4A4AF45F} - System32\Tasks\{8ED4AE12-097D-43C0-8793-043A7A9B8556} => pcalua.exe -a C:\Users\Mirek\Downloads\AutodeskDownloadManagerSetup.exe -d C:\Users\Mirek\Downloads Task: {B6FA9C7D-F968-456C-9570-BA94EE656EE8} - System32\Tasks\{EF77839D-E448-4709-A136-D2FF24748CEA} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/pl/abandoninstall?page=tsProgressBar Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /s EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. HKU\S-1-5-21-3906198643-2151299363-1251718266-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-3906198643-2151299363-1251718266-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-3906198643-2151299363-1251718266-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => Key deleted successfully. HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key not found. "HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3042C6F7-C81A-4884-A358-8CD65D7D7150}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3042C6F7-C81A-4884-A358-8CD65D7D7150}" => Key deleted successfully. C:\Windows\System32\Tasks\{7A25796B-3F1D-46AD-A4E0-393211C6BFBB} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A25796B-3F1D-46AD-A4E0-393211C6BFBB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C0CE21F-A52A-47B0-A420-503871E63598}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C0CE21F-A52A-47B0-A420-503871E63598}" => Key deleted successfully. C:\Windows\System32\Tasks\{02E8244A-4E0F-412A-92DA-EBCD1507EB4F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{02E8244A-4E0F-412A-92DA-EBCD1507EB4F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DBFA5C8-E8CA-4ECB-8C29-125C4A4AF45F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DBFA5C8-E8CA-4ECB-8C29-125C4A4AF45F}" => Key deleted successfully. C:\Windows\System32\Tasks\{8ED4AE12-097D-43C0-8793-043A7A9B8556} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8ED4AE12-097D-43C0-8793-043A7A9B8556}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6FA9C7D-F968-456C-9570-BA94EE656EE8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FA9C7D-F968-456C-9570-BA94EE656EE8}" => Key deleted successfully. C:\Windows\System32\Tasks\{EF77839D-E448-4709-A136-D2FF24748CEA} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF77839D-E448-4709-A136-D2FF24748CEA}" => Key deleted successfully. ========= reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes DefaultScope REG_SZ {0633EE93-D776-472f-A0FF-E1416B8B2E3A} DoNotAskAgain REG_SZ search-simple.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch (domy˜lny) REG_SZ Bing URL REG_SZ http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC DisplayName REG_SZ @ieframe.dll,-12512 ========= End of Reg: ========= EmptyTemp: => Removed 4.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 13:33:27 ====