Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2014 03 Ran by User at 2014-04-27 12:11:55 Run:1 Running from C:\Users\User\Desktop\Śmieci\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** (ATI Technologies) C:\Users\User\AppData\Local\ATI Technologies\atiedxx.exe HKU\S-1-5-21-3098141968-229038557-363801865-1000\...\Run: [AtiDriverStart] => C:\Users\User\AppData\Local\ATI Technologies\atidxx.exe [55296 2014-04-19] () HKU\S-1-5-21-3098141968-229038557-363801865-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\392817338.exe <===== ATTENTION Task: {11E4BA1E-59F0-4A27-8223-0AE98A321B8E} - \{E7337222-747A-44CD-BA7E-BAF9F25E7E1D} No Task File <==== ATTENTION Task: {18032311-6995-483F-8B85-E42550C5C93C} - \{0C64A4FC-0D46-4937-81B4-B71CBEDEB4FB} No Task File <==== ATTENTION Task: {4CB7ED37-3D1C-42F2-93DC-00492ECFB055} - \{54EDE931-AB67-4F46-96AF-AC0B14CCD3B5} No Task File <==== ATTENTION Task: {5B96CC2D-860C-409B-8168-63A7135398F8} - \{C45D4A54-9CA4-4FDE-A4BA-91382D5F0E37} No Task File <==== ATTENTION Task: {869899EC-72B0-44A7-AF60-494016505014} - \{D81C0DEA-A951-4347-BEE1-AD6D7C2468C8} No Task File <==== ATTENTION Task: {A6185F89-0E3D-43AA-A45D-3DEE116F8C21} - \{D8AF5BB8-CD94-4879-A10A-3E0AAE08E3A6} No Task File <==== ATTENTION Task: {A8882957-A3F3-4746-9015-33DC352C7319} - \{080BCE72-370C-4326-8D70-A2BE76F0892E} No Task File <==== ATTENTION Task: {B14D15C8-EACB-4ED1-9DDC-A026135E6CCE} - \{EF44F163-E82D-4809-AD16-FBF62EA82CA1} No Task File <==== ATTENTION Task: {BFB8ABE8-351E-470E-8A9C-8415A0FBDEA6} - \{BCC3C208-398B-4B30-B999-DE781116554A} No Task File <==== ATTENTION Task: {C74F3CB9-F7E7-4019-BA5A-935287EE3F17} - \{3AC2773F-78C0-497C-9B7C-7E3547A21A64} No Task File <==== ATTENTION Task: {D49D3981-BB94-4E34-A3CB-39842AE21409} - \{C9082508-2C83-420D-B103-56E549FE6046} No Task File <==== ATTENTION Task: {DA26440A-8572-4919-9B1E-88C69D5BE96A} - 
\{D34ABC04-B7FD-4309-ACA9-B325B7C6F4AC} No Task File <==== ATTENTION S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S3 XFDriver64; \??\D:\Program\Xfire2\XFDriver64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\18svema1.default\user.js FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF Folder: C:\Users\User\AppData\Local\ATI Technologies C:\Users\User\AppData\Local\ATI Technologies C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0 Reg: reg delete "HKCU\Software\Microsoft\Windows Script" /f Reg: reg delete "HKCU\Software\Microsoft\Windows Script Host" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BitGuard" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Configuration" /f Reg: reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v Start /t REG_DWORD /d 0x2 /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: rd /s /q C:\_OTL Reboot: ***************** [2556] C:\Users\User\AppData\Local\ATI Technologies\atiedxx.exe => Process closed successfully. HKU\S-1-5-21-3098141968-229038557-363801865-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AtiDriverStart => Value deleted successfully. 
HKU\S-1-5-21-3098141968-229038557-363801865-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11E4BA1E-59F0-4A27-8223-0AE98A321B8E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E4BA1E-59F0-4A27-8223-0AE98A321B8E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E7337222-747A-44CD-BA7E-BAF9F25E7E1D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18032311-6995-483F-8B85-E42550C5C93C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18032311-6995-483F-8B85-E42550C5C93C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C64A4FC-0D46-4937-81B4-B71CBEDEB4FB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CB7ED37-3D1C-42F2-93DC-00492ECFB055} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB7ED37-3D1C-42F2-93DC-00492ECFB055} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54EDE931-AB67-4F46-96AF-AC0B14CCD3B5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B96CC2D-860C-409B-8168-63A7135398F8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B96CC2D-860C-409B-8168-63A7135398F8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C45D4A54-9CA4-4FDE-A4BA-91382D5F0E37} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{869899EC-72B0-44A7-AF60-494016505014} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{869899EC-72B0-44A7-AF60-494016505014} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D81C0DEA-A951-4347-BEE1-AD6D7C2468C8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6185F89-0E3D-43AA-A45D-3DEE116F8C21} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6185F89-0E3D-43AA-A45D-3DEE116F8C21} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D8AF5BB8-CD94-4879-A10A-3E0AAE08E3A6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8882957-A3F3-4746-9015-33DC352C7319} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8882957-A3F3-4746-9015-33DC352C7319} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{080BCE72-370C-4326-8D70-A2BE76F0892E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B14D15C8-EACB-4ED1-9DDC-A026135E6CCE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B14D15C8-EACB-4ED1-9DDC-A026135E6CCE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF44F163-E82D-4809-AD16-FBF62EA82CA1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFB8ABE8-351E-470E-8A9C-8415A0FBDEA6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFB8ABE8-351E-470E-8A9C-8415A0FBDEA6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCC3C208-398B-4B30-B999-DE781116554A} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C74F3CB9-F7E7-4019-BA5A-935287EE3F17} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74F3CB9-F7E7-4019-BA5A-935287EE3F17} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3AC2773F-78C0-497C-9B7C-7E3547A21A64} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D49D3981-BB94-4E34-A3CB-39842AE21409} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D49D3981-BB94-4E34-A3CB-39842AE21409} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9082508-2C83-420D-B103-56E549FE6046} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA26440A-8572-4919-9B1E-88C69D5BE96A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA26440A-8572-4919-9B1E-88C69D5BE96A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D34ABC04-B7FD-4309-ACA9-B325B7C6F4AC} => Key deleted successfully. EagleX64 => Service deleted successfully. MSICDSetup => Service deleted successfully. NTIOLib_1_0_C => Service deleted successfully. XFDriver64 => Service deleted successfully. xhunter1 => Service deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\18svema1.default\user.js => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => Value deleted successfully. 
========================= Folder: C:\Users\User\AppData\Local\ATI Technologies ======================== 2014-04-19 22:45 - 2014-04-19 22:45 - 0055296 _____ () C:\Users\User\AppData\Local\ATI Technologies\atidxx.exe 2014-04-19 22:45 - 2014-04-19 22:45 - 2976270 _____ (ATI Technologies) C:\Users\User\AppData\Local\ATI Technologies\atiedxx.exe 2014-04-20 20:25 - 2014-04-20 20:25 - 1471140 _____ () C:\Users\User\AppData\Local\ATI Technologies\scrypt130511Tahitiglg2tc4032w256l4.bin ====== End of Folder: ====== C:\Users\User\AppData\Local\ATI Technologies => Moved successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0 => Moved successfully. ========= reg delete "HKCU\Software\Microsoft\Windows Script" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Windows Script Host" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BitGuard" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Configuration" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v Start /t REG_DWORD /d 0x2 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. 
========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= rd /s /q C:\_OTL ========= ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====