Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014 Ran by Marta at 2014-09-11 08:38:47 Run:1 Running from C:\Users\Marta\Desktop\Nowy folder Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-421937301-649035308-745041611-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat HKU\S-1-5-21-421937301-649035308-745041611-1000\...\Run: [Power2GoExpress] => NA HKU\S-1-5-21-421937301-649035308-745041611-1001\...\Run: [syshost32] => C:\Users\Marta\AppData\Local\{B8A42213-B41E-2B52-58E0-508438280BD1}\syshost.exe HKU\S-1-5-21-421937301-649035308-745041611-1001\...\Run: [Gmgwgc] => C:\Users\Marta\AppData\Roaming\Gmgwgc.exe AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll => "c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll" File Not Found HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = fbdirecto.net/1/ http://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKCU - FE439ACCCA2A41938FC2F7ADCFA5C220 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=393&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=5302656637214527&q={searchTerms} SearchScopes: HKCU - {5DD1C60E-CB86-421E-80B2-6421DBC61FA0} URL = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc= Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION U2 CLKMSVC10_3A60B698; No ImagePath U2 CLKMSVC10_C3B3B687; No ImagePath U2 DriverService; No ImagePath U2 IAStorDataMgrSvc; No ImagePath U2 idealife Update Service; No ImagePath U3 IGRS; No ImagePath U2 IviRegMgr; No ImagePath U2 Oasis2Service; No ImagePath U2 PCCarerServic; No ImagePath U2 ReadyComm.DirectRouter; No ImagePath U2 RichVideo; No ImagePath U2 SoftwareService; No ImagePath U2 Stereo Service; No ImagePath HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01381089.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10667509.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23180710.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67429634.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78736736.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01381089.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10667509.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23180710.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67429634.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78736736.sys => ""="Driver" Task: {832E0C0B-7734-42BB-B0AF-0A11742F82AD} - System32\Tasks\{533D9083-8BB5-46EC-BFB9-3F5865D066C0} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pl/abandoninstall?page=tsMain Task: {A03E687A-75A8-4BDD-9B07-557EDD7AA2DA} - System32\Tasks\{A5340A00-98D1-4ED3-B2D9-64B71EDA13F8} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe Task: {AF5889AC-14BF-4B68-834C-BEB89FE9A31C} - System32\Tasks\{45460307-19EB-434A-B856-8535E60CCB6F} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116.259&LastError=12002 Task: {BE7AB697-9BC3-455F-96E8-5B3FACADF81F} - System32\Tasks\{6566F171-A3DE-4FFE-8274-E4CEF8D0404D} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe Task: {E02119EC-B934-4D16-A104-5E449D77C1EF} - System32\Tasks\{61DEDE7E-08A6-4263-83D6-0797D02B3DAE} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.158&LastError=12002 Task: {F1548E3F-88C9-4C9A-A189-532A3F3153C6} - System32\Tasks\{2D95EF76-82BA-4F55-A4DA-F252E03DF736} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12002 RemoveDirectory: C:\Program Files (x86)\mozilla firefox RemoveDirectory: C:\ProgramData\201374f8a2149a2e RemoveDirectory: C:\ProgramData\LizardSales RemoveDirectory: C:\Users\Marta\AppData\Local\CRE RemoveDirectory: C:\Users\Marta\AppData\Roaming\msnmsg RemoveDirectory: C:\Users\Marta\AppData\Roaming\mozilla RemoveDirectory: C:\Users\TEMP RemoveDirectory: C:\Users\TEMP.Marta-Komputer RemoveDirectory: C:\Users\TEMP.Marta-Komputer.000 RemoveDirectory: C:\Users\TEMP.Marta-Komputer.001 RemoveDirectory: C:\Users\TEMP.Marta-Komputer.002 CMD: del /q C:\Users\Marta\AppData\Roaming\*.exe CMD: del /q C:\Windows\SysWOW64\sqlite3.dll Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\nfsDigitalClock03 New Free Screensaver_is1" /f Reg: reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Search" /f CMD: netsh advfirewall reset EmptyTemp: ***************** Processes closed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. HKU\S-1-5-21-421937301-649035308-745041611-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FactoryTest => value deleted successfully. HKU\S-1-5-21-421937301-649035308-745041611-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => value deleted successfully. HKU\S-1-5-21-421937301-649035308-745041611-1001\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 => value deleted successfully. HKU\S-1-5-21-421937301-649035308-745041611-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Gmgwgc => value deleted successfully. "c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll" => Value Data removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\FE439ACCCA2A41938FC2F7ADCFA5C220" => Key deleted successfully. "HKCR\CLSID\FE439ACCCA2A41938FC2F7ADCFA5C220" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DD1C60E-CB86-421E-80B2-6421DBC61FA0}" => Key deleted successfully. "HKCR\CLSID\{5DD1C60E-CB86-421E-80B2-6421DBC61FA0}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. CLKMSVC10_3A60B698 => Service deleted successfully. CLKMSVC10_C3B3B687 => Service deleted successfully. DriverService => Service deleted successfully. IAStorDataMgrSvc => Service deleted successfully. idealife Update Service => Service deleted successfully. IGRS => Service deleted successfully. IviRegMgr => Service deleted successfully. Oasis2Service => Service deleted successfully. PCCarerServic => Service deleted successfully. ReadyComm.DirectRouter => Service deleted successfully. RichVideo => Service deleted successfully. SoftwareService => Service deleted successfully. Stereo Service => Service deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\01381089.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\10667509.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\23180710.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\67429634.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\78736736.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\01381089.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\10667509.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\23180710.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\67429634.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\78736736.sys" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{832E0C0B-7734-42BB-B0AF-0A11742F82AD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{832E0C0B-7734-42BB-B0AF-0A11742F82AD}" => Key deleted successfully. C:\Windows\System32\Tasks\{533D9083-8BB5-46EC-BFB9-3F5865D066C0} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{533D9083-8BB5-46EC-BFB9-3F5865D066C0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A03E687A-75A8-4BDD-9B07-557EDD7AA2DA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A03E687A-75A8-4BDD-9B07-557EDD7AA2DA}" => Key deleted successfully. C:\Windows\System32\Tasks\{A5340A00-98D1-4ED3-B2D9-64B71EDA13F8} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A5340A00-98D1-4ED3-B2D9-64B71EDA13F8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF5889AC-14BF-4B68-834C-BEB89FE9A31C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF5889AC-14BF-4B68-834C-BEB89FE9A31C}" => Key deleted successfully. C:\Windows\System32\Tasks\{45460307-19EB-434A-B856-8535E60CCB6F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{45460307-19EB-434A-B856-8535E60CCB6F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE7AB697-9BC3-455F-96E8-5B3FACADF81F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE7AB697-9BC3-455F-96E8-5B3FACADF81F}" => Key deleted successfully. C:\Windows\System32\Tasks\{6566F171-A3DE-4FFE-8274-E4CEF8D0404D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6566F171-A3DE-4FFE-8274-E4CEF8D0404D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E02119EC-B934-4D16-A104-5E449D77C1EF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E02119EC-B934-4D16-A104-5E449D77C1EF}" => Key deleted successfully. C:\Windows\System32\Tasks\{61DEDE7E-08A6-4263-83D6-0797D02B3DAE} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{61DEDE7E-08A6-4263-83D6-0797D02B3DAE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1548E3F-88C9-4C9A-A189-532A3F3153C6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1548E3F-88C9-4C9A-A189-532A3F3153C6}" => Key deleted successfully. C:\Windows\System32\Tasks\{2D95EF76-82BA-4F55-A4DA-F252E03DF736} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D95EF76-82BA-4F55-A4DA-F252E03DF736}" => Key deleted successfully. "C:\Program Files (x86)\mozilla firefox" => removed successfully. "C:\ProgramData\201374f8a2149a2e" => removed successfully. "C:\ProgramData\LizardSales" => removed successfully. "C:\Users\Marta\AppData\Local\CRE" => removed successfully. "C:\Users\Marta\AppData\Roaming\msnmsg" => removed successfully. "C:\Users\Marta\AppData\Roaming\mozilla" => removed successfully. "C:\Users\TEMP" => removed successfully. "C:\Users\TEMP.Marta-Komputer" => removed successfully. "C:\Users\TEMP.Marta-Komputer.000" => removed successfully. "C:\Users\TEMP.Marta-Komputer.001" => removed successfully. "C:\Users\TEMP.Marta-Komputer.002" => removed successfully. ========= del /q C:\Users\Marta\AppData\Roaming\*.exe ========= ========= End of CMD: ========= ========= del /q C:\Windows\SysWOW64\sqlite3.dll ========= ========= End of CMD: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\nfsDigitalClock03 New Free Screensaver_is1" /f ========= ========= End of Reg: ========= ========= reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => Removed 58.5 MB temporary data. The system needed a reboot. ==== End of Fixlog ====