Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-02-2014
Ran by Krzysiek at 2014-02-22 13:49:36 Run:1
Running from C:\Documents and Settings\Krzysiek\Moje dokumenty
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2000478354-1532298954-725345543-1004\...\Policies\Explorer: [LockTaskbar] 0
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No File
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sptd
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [X]
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [X]
S3 P2k; system32\DRIVERS\P2k.sys [X]
S3 rkhdrv40; No ImagePath
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 VirtualFD; \??\C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie\vfd.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
C:\Documents and Settings\Krzysiek\AVGIDSAgent
C:\Documents and Settings\All Users\Dane aplikacji\*.bdinstall.bin
C:\Documents and Settings\All Users\Dane aplikacji\CheckPoint
C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro
C:\Documents and Settings\All Users\Dane aplikacji\MicroWorld
C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\Krzysiek\Dane aplikacji\newnext.me
C:\Documents and Settings\Krzysiek\Dane aplikacji\ProgSense
C:\Documents and Settings\Krzysiek\Dane aplikacji\TestApp
C:\Documents and Settings\LocalService\Dane aplikacji\QuickScan
C:\Program Files\Spybot - Search & Destroy
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-21-2000478354-1532298954-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LockTaskbar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => Value deleted successfully.
HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} => Value deleted successfully.
HKCR\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} => Key not found.
"HKLM\SYSTEM\CurrentControlSet\Services\sptd" => Key unlocked successfully.
cleanhlp => Service deleted successfully.
ESProtectionDriver => Service deleted successfully.
P2k => Service deleted successfully.
rkhdrv40 => Service deleted successfully.
sptd => Service deleted successfully.
VirtualFD => Service deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC => Key deleted successfully.
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC} => The item is protected. Make sure the software is uninstalled and its services are removed.
C:\Documents and Settings\Krzysiek\AVGIDSAgent => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\*.bdinstall.bin => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\CheckPoint => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\MicroWorld => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully.
C:\Documents and Settings\Krzysiek\Dane aplikacji\newnext.me => Moved successfully.
C:\Documents and Settings\Krzysiek\Dane aplikacji\ProgSense => Moved successfully.
C:\Documents and Settings\Krzysiek\Dane aplikacji\TestApp => Moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\QuickScan => Moved successfully.
C:\Program Files\Spybot - Search & Destroy => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}" /f =========

Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

==== End of Fixlog ====