Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014 Ran by Konrad at 2014-11-02 17:43:10 Run:1 Running from C:\Users\Konrad\Downloads Loaded Profile: Konrad (Available profiles: Konrad & Ewa) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKLM-x32\...\Run: [Adobe Gamma Colors] => C:\Program Files\Common Files\Flash Player\fffplayer32.exe [2763838 2014-05-11] (CipSoft GmbH) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] () [File not signed] Task: {639CC502-F377-4F41-96AF-118E0E1AD569} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {8CC26BBF-7820-475B-91DC-2BDFFDB5BDA6} - System32\Tasks\SW_Booster-S-1467139175 => c:\programdata\rightapp software\sw_booster\SW_Booster.exe <==== ATTENTION Task: C:\Windows\Tasks\SW_Booster-S-1467139175.job => c:\programdata\rightapp software\sw_booster\SW_Booster.exe <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120140911 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120140911 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120140911 SearchScopes: HKCU - {170F9CDF-2C69-456A-8202-9A8D3B5EC17E} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=925777&p={searchTerms} BHO: No Name -> {6EA0EA94-709E-DEAE-4EE4-3680D16DD2A8} -> No File C:\Program Files\Common Files\Flash Player C:\Program Files (x86)\BlueSprig Toolbar C:\Program Files (x86)\Temp C:\Program Files\KMSpico C:\ProgramData\MFAData C:\ProgramData\TEMP C:\Users\Konrad\OSBuddy C:\Users\Konrad\AppData\Roaming\BlueSprig C:\Users\Konrad\AppData\Roaming\rmi C:\Users\Konrad\Downloads\*(*)-dp*.exe C:\Users\Konrad\Downloads\ipchanger.exe C:\Users\Konrad\Downloads\OSBuddy*.* Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: netsh advfirewall reset EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Gamma Colors => value deleted successfully. Service KMSELDI => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{639CC502-F377-4F41-96AF-118E0E1AD569}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{639CC502-F377-4F41-96AF-118E0E1AD569}" => Key deleted successfully. C:\Windows\System32\Tasks\AutoPico Daily Restart => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CC26BBF-7820-475B-91DC-2BDFFDB5BDA6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CC26BBF-7820-475B-91DC-2BDFFDB5BDA6}" => Key deleted successfully. C:\Windows\System32\Tasks\SW_Booster-S-1467139175 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW_Booster-S-1467139175" => Key deleted successfully. C:\Windows\Tasks\SW_Booster-S-1467139175.job => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{170F9CDF-2C69-456A-8202-9A8D3B5EC17E}" => Key deleted successfully. "HKCR\CLSID\{170F9CDF-2C69-456A-8202-9A8D3B5EC17E}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EA0EA94-709E-DEAE-4EE4-3680D16DD2A8}" => Key deleted successfully. "HKCR\CLSID\{6EA0EA94-709E-DEAE-4EE4-3680D16DD2A8}" => Key not found. C:\Program Files\Common Files\Flash Player => Moved successfully. C:\Program Files (x86)\BlueSprig Toolbar => Moved successfully. C:\Program Files (x86)\Temp => Moved successfully. C:\Program Files\KMSpico => Moved successfully. "C:\ProgramData\MFAData" => File/Directory not found. C:\ProgramData\TEMP => Moved successfully. C:\Users\Konrad\OSBuddy => Moved successfully. C:\Users\Konrad\AppData\Roaming\BlueSprig => Moved successfully. C:\Users\Konrad\AppData\Roaming\rmi => Moved successfully. C:\Users\Konrad\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\Konrad\Downloads\ipchanger.exe => Moved successfully. C:\Users\Konrad\Downloads\OSBuddy*.* => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => Removed 546.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ====