Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014 Ran by Seweryn at 2014-05-29 15:36:38 Run:1 Running from C:\Users\Seweryn\Desktop Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** (SafetyNut Inc) C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe (SafetyNut Inc) C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe (SafetyNut Inc) C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetynut.exe HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetycrt.dll [489992 2014-05-12] () HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll [664584 2014-05-12] () IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe R2 SafetyNutManager; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [3544072 2014-05-12] 
(SafetyNut Inc) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc1.cfg [36224 2014-05-12] (SafetyNut Inc) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () C:\Windows\SysWow64\Drivers\StarOpen.sys S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 KeyP; SYSTEM32\DRIVERS\KEYP.SYS [X] S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X] S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [X] S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [X] S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" Task: {3660812E-9F3C-4339-AB8D-B4256FF0DFD1} - System32\Tasks\SLOW-PCfighter => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe Task: {7A40FD07-A3DB-40FA-84AF-0BDE364FB477} - \Program aktualizacji online produktu Real Player. 
No Task File <==== ATTENTION Task: {7D42AF1A-730F-4D59-B58F-DCD393D220D9} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk Task: {B5A63802-415E-466C-920E-3979336BAE7C} - System32\Tasks\{59C50064-62C2-49CE-9376-F041E61D0CE1} => C:\Program Files (x86)\vag-com-max2000\VagCom-SVO3031a-n.exe Task: {E9D4ABBD-D1DA-4C7B-AC8B-195AF83BC020} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] () Task: {FA905027-001E-40DD-A09D-E7182D705B58} - System32\Tasks\SLOW-PCfighter64 => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN11459&gct=hp&d=488-209&v=a12627-338&t=4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=209&systemid=488&v=a12627-338&apn_uid=2591851358814523&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=209&systemid=488&v=a12627-338&apn_uid=2591851358814523&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - DefaultScope {E4B106E2-C3F2-4098-9E9C-3A6217EF71D6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=E44F761A042FE497 SearchScopes: HKCU - {8E307E27-13D6-4FCF-B144-0AF90D3B315F} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = 
http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=209&systemid=488&v=a12627-338&apn_uid=2591851358814523&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - {E4B106E2-C3F2-4098-9E9C-3A6217EF71D6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Seweryn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml C:\Users\Seweryn\AppData\Local\AdTrustMedia C:\Users\Seweryn\AppData\Roaming\AVG Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reboot: ***************** C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe => No running process found C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe => No running process found C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetynut.exe => No running process found HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully. SafetyNutManager => Service deleted successfully. F06DEFF2-5B9C-490D-910F-35D3A9119622 => Service deleted successfully. StarOpen => Service deleted successfully. C:\Windows\SysWow64\Drivers\StarOpen.sys => Moved successfully. catchme => Service deleted successfully. KeyP => Service deleted successfully. nmwcdcx64 => Service deleted successfully. nmwcdnsucx64 => Service deleted successfully. nmwcdnsux64 => Service deleted successfully. nmwcdx64 => Service deleted successfully. pccsmcfd => Service deleted successfully. WinRing0_1_2_0 => Service deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MpfService => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3660812E-9F3C-4339-AB8D-B4256FF0DFD1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3660812E-9F3C-4339-AB8D-B4256FF0DFD1} => Key deleted successfully. C:\Windows\System32\Tasks\SLOW-PCfighter => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SLOW-PCfighter => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A40FD07-A3DB-40FA-84AF-0BDE364FB477} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A40FD07-A3DB-40FA-84AF-0BDE364FB477} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online produktu Real Player. => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D42AF1A-730F-4D59-B58F-DCD393D220D9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D42AF1A-730F-4D59-B58F-DCD393D220D9} => Key deleted successfully. C:\Windows\System32\Tasks\Driver Robot => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Robot => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5A63802-415E-466C-920E-3979336BAE7C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5A63802-415E-466C-920E-3979336BAE7C} => Key deleted successfully. C:\Windows\System32\Tasks\{59C50064-62C2-49CE-9376-F041E61D0CE1} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{59C50064-62C2-49CE-9376-F041E61D0CE1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9D4ABBD-D1DA-4C7B-AC8B-195AF83BC020} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D4ABBD-D1DA-4C7B-AC8B-195AF83BC020} => Key deleted successfully. C:\Windows\System32\Tasks\McQcModifier-5c47-a7b0 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McQcModifier-5c47-a7b0 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA905027-001E-40DD-A09D-E7182D705B58} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA905027-001E-40DD-A09D-E7182D705B58} => Key deleted successfully. C:\Windows\System32\Tasks\SLOW-PCfighter64 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SLOW-PCfighter64 => Key deleted successfully. 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E307E27-13D6-4FCF-B144-0AF90D3B315F} => Key deleted successfully. HKCR\CLSID\{8E307E27-13D6-4FCF-B144-0AF90D3B315F} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4B106E2-C3F2-4098-9E9C-3A6217EF71D6} => Key deleted successfully. HKCR\CLSID\{E4B106E2-C3F2-4098-9E9C-3A6217EF71D6} => Key not found. HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => Key deleted successfully. C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found. HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => Key deleted successfully. 
C:\Users\Seweryn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully. C:\Users\Seweryn\AppData\Local\AdTrustMedia => Moved successfully. C:\Users\Seweryn\AppData\Roaming\AVG => Moved successfully. ========= reg delete HKCU\Software\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====