Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Grzegorz at 2014-04-09 18:25:45 Run:1
Running from C:\Users\Grzegorz\Desktop\Nowy folder
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
(Advanced Micro Devices, Inc.) C:\Users\Grzegorz\AppData\Roaming\AMD 3DVision Control Center\atidimsvc.exe
U3 84197c4d; C:\Windows\1299978628:2078704562.exe [0 ] ()
R2 Expresso Updater; C:\ProgramProgram Files\Expresso\ExtensionUpdaterService.exe [183296 2012-03-05] ()
S3 McComponentHostService; C:\ProgramProgram Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Winlogon: [Shell] C:\Users\Grzegorz\AppData\Local\84197c4d\X [30720 2011-12-03] ()
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\...\Run: [AMD CATALYST™ HydraVision Dynamic Link] - C:\Users\Grzegorz\AppData\Roaming\Innuendo Logic\aticfx32.exe [275968 2013-08-13] (Advanced Micro Devices, Inc.)
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - URL http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=38AF001A4D6D98B2&affID=125032&tsp=5028
SearchScopes: HKCU - 63C312B198E8492E95F9B7F42AF38624 URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=cd320bb6-32b0-4533-ab37-8424e67dcb00&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=2&src=sp&cf=&q={searchTerms}
SearchScopes: HKCU - {B4D1E127-FE08-43F0-A8D2-7323A321C978} URL = http://www.resultscan.com/?prt=RstscnAMON&keywords={searchTerms}
SearchScopes: HKCU - {BC7F5443-FD45-476F-9DEB-149AA5C0BC52} URL =
SearchScopes: HKCU - {C84D42AB-FE3E-467F-B2E2-06740616EA76} URL = http://search.softonic.com/MON00084/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=718
SearchScopes: HKCU - {D5A8030F-1D56-4552-A780-B58ABF59EC19} URL = http://search.avg.com/?d=4de0c382&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: Expresso - {A6629839-6636-4998-95D6-2B0F52141861} - C:\ProgramProgram Files\Expresso\Extension32.dll ()
BHO: sleekseek - {33026f2b-918a-904c-b97b-dd0ced5c9d54} - C:\Windows\system32\eec92006.dll ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\ProgramProgram Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{A6629839-6636-4998-95D6-2B0F52141861}] - C:\Program Files\Expresso\Firefox
C:\Program Files\Mozilla Firefox\extensions
C:\Program Files\mozilla firefox\plugins
C:\ProgramData\c14129c97f045993edfa0dca13874a42_c
C:\Users\Grzegorz\AppData\Local\84197c4d
C:\Users\Grzegorz\AppData\Local\promo.exe
C:\Users\Grzegorz\AppData\Roaming\AMD 3DVision Control Center
C:\Users\Grzegorz\AppData\Roaming\Innuendo Logic
C:\Windows\System32\2a3fbdff.exe
C:\Windows\System32\eec92006.dll
C:\Windows\System32\unrar.dll
Unlock: C:\Windows\$NtUninstallKB1963$
Unlock: C:\Windows\1299978628
C:\Windows\1299978628
CMD: fsutil reparsepoint delete C:\Windows\$NtUninstallKB1963$
Reboot:
*****************
[3384] C:\Users\Grzegorz\AppData\Roaming\AMD 3DVision Control Center\atidimsvc.exe => Process closed successfully.
84197c4d => Service deleted successfully.
Expresso Updater => Service stopped successfully.
Expresso Updater => Service deleted successfully.
McComponentHostService => Service deleted successfully.
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-21-3187870866-3550116853-2859755729-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AMD CATALYST™ HydraVision Dynamic Link => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\63C312B198E8492E95F9B7F42AF38624 => Key deleted successfully.
HKCR\Wow6432Node\CLSID\63C312B198E8492E95F9B7F42AF38624 => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4D1E127-FE08-43F0-A8D2-7323A321C978} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B4D1E127-FE08-43F0-A8D2-7323A321C978} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC7F5443-FD45-476F-9DEB-149AA5C0BC52} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BC7F5443-FD45-476F-9DEB-149AA5C0BC52} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C84D42AB-FE3E-467F-B2E2-06740616EA76} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C84D42AB-FE3E-467F-B2E2-06740616EA76} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5A8030F-1D56-4552-A780-B58ABF59EC19} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D5A8030F-1D56-4552-A780-B58ABF59EC19} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6629839-6636-4998-95D6-2B0F52141861} => Key deleted successfully.
HKCR\CLSID\{A6629839-6636-4998-95D6-2B0F52141861} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33026f2b-918a-904c-b97b-dd0ced5c9d54} => Key deleted successfully.
HKCR\CLSID\{33026f2b-918a-904c-b97b-dd0ced5c9d54} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key deleted successfully.
C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{A6629839-6636-4998-95D6-2B0F52141861} => Value deleted successfully.
C:\Program Files\Mozilla Firefox\extensions => Moved successfully.
C:\Program Files\Mozilla Firefox\plugins => Moved successfully.
C:\ProgramData\c14129c97f045993edfa0dca13874a42_c => Moved successfully.
"C:\Users\Grzegorz\AppData\Local\84197c4d" directory move:
C:\Users\Grzegorz\AppData\Local\84197c4d\@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\loader.tlb => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\X => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\00000001.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\000000c0.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\000000cb.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\000000cf.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\80000000.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\800000c0.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\800000cb.@ => Moved successfully.
C:\Users\Grzegorz\AppData\Local\84197c4d\U\800000cf.@ => Moved successfully.
Could not move "C:\Users\Grzegorz\AppData\Local\84197c4d" directory. => Scheduled to move on reboot.
C:\Users\Grzegorz\AppData\Local\promo.exe => Moved successfully.
C:\Users\Grzegorz\AppData\Roaming\AMD 3DVision Control Center => Moved successfully.
C:\Users\Grzegorz\AppData\Roaming\Innuendo Logic => Moved successfully.
C:\Windows\System32\2a3fbdff.exe => Moved successfully.
C:\Windows\System32\eec92006.dll => Moved successfully.
C:\Windows\System32\unrar.dll => Moved successfully.
"C:\Windows\$NtUninstallKB1963$" => File/Directory unlocked successfully.
"C:\Windows\1299978628" => File/Directory unlocked successfully.
C:\Windows\1299978628 => Moved successfully.
========= fsutil reparsepoint delete C:\Windows\$NtUninstallKB1963$ =========
========= End of CMD: =========
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-09 18:29:21)<=
C:\Users\Grzegorz\AppData\Local\84197c4d => Moved successfully.
==== End of Fixlog ====