Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2014 Ran by mops at 2014-09-25 14:47:52 Run:1 Running from C:\Users\mops\Desktop\Naprawa\FRST Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** CloseProcesses: S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] HKU\S-1-5-21-2590779885-625705641-3628964617-1000\...\Run: [Galileo] => C:\Users\mops\AppData\Local\Galileo\galileo.exe silent HKU\S-1-5-21-2590779885-625705641-3628964617-1000\...\Run: [ChomikBox] => C:\Program Files\ChomikBox\ChomikBox.exe HKU\S-1-5-21-2590779885-625705641-3628964617-1000\...\CurrentVersion\Windows: [Load] C:\Users\mops\LOCALS~1\Temp\ccvbxqouq.exe <===== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.webisawsome.info/?pid=1273&r=2014/02/26&hid=2252145619122520103&lg=EN&cc=PL&unqvl=49 SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=282&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.webisawsome.info/?l=1&q={searchTerms}&pid=1273&r=2014/02/26&hid=2252145619122520103&lg=EN&cc=PL&unqvl=49 SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111125232045430&tb_oid=25-11-2011&tb_mrud=25-11-2011 SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=282&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=282&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.webisawsome.info/?l=1&q={searchTerms}&pid=1273&r=2014/02/26&hid=2252145619122520103&lg=EN&cc=PL&unqvl=49 SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111125232045430&tb_oid=25-11-2011&tb_mrud=25-11-2011 Task: {47907409-5225-4B39-855C-0A4F218356B3} - System32\Tasks\{19EBE01D-2D09-4A78-A06C-D660BC1F9349} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar Task: {C651269F-4441-45F2-BD1C-0AE69D9551C6} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe C:\Program Files\mozilla firefox\plugins C:\ProgramData\Temp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR C:\Users\Public\Desktop\WinRAR.lnk C:\Users\mops\AppData\Roaming\OpenCandy DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} EmptyTemp: ***************** Processes closed successfully. ew_hwusbdev => Service deleted successfully. huawei_cdcacm => Service deleted successfully. huawei_enumerator => Service deleted successfully. HKU\S-1-5-21-2590779885-625705641-3628964617-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Galileo => value deleted successfully. HKU\S-1-5-21-2590779885-625705641-3628964617-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ChomikBox => value deleted successfully. HKU\S-1-5-21-2590779885-625705641-3628964617-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. "HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => Key deleted successfully. "HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. "HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => Key deleted successfully. "HKCR\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47907409-5225-4B39-855C-0A4F218356B3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47907409-5225-4B39-855C-0A4F218356B3}" => Key deleted successfully. C:\Windows\System32\Tasks\{19EBE01D-2D09-4A78-A06C-D660BC1F9349} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19EBE01D-2D09-4A78-A06C-D660BC1F9349}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C651269F-4441-45F2-BD1C-0AE69D9551C6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C651269F-4441-45F2-BD1C-0AE69D9551C6}" => Key deleted successfully. C:\Windows\System32\Tasks\EasyPartitionManager => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyPartitionManager" => Key deleted successfully. C:\Program Files\mozilla firefox\plugins => Moved successfully. C:\ProgramData\Temp => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR => Moved successfully. C:\Users\Public\Desktop\WinRAR.lnk => Moved successfully. C:\Users\mops\AppData\Roaming\OpenCandy => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility => Key Deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} => Key Deleted successfully. EmptyTemp: => Removed 1.8 GB temporary data. The system needed a reboot. ==== End of Fixlog ====