Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01 Ran by mateu_000 at 2014-12-15 09:00:26 Run:2 Running from C:\Users\mateu_000\Desktop Loaded Profile: mateu_000 (Available profiles: mateu_000) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220140820 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2769995749-3454007108-333519029-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-2769995749-3454007108-333519029-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-2769995749-3454007108-333519029-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File FF Plugin HKU\S-1-5-21-2769995749-3454007108-333519029-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File S4 LMIRfsClientNP; No ImagePath S3 TBPanel; No ImagePath S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] Task: {143BB45B-8C04-4FBD-9774-78A7B6300670} - System32\Tasks\{76127E5C-95AD-4DDA-BAD9-CA36E07260BC} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/pl/abandoninstall?page=tsWLM C:\Program Files (x86)\BuiyNssave C:\Program Files (x86)\Google\Chrome C:\ProgramData\AVG C:\ProgramData\bajnlhgjdokojnhcbpcgdfodnllmgbcd C:\ProgramData\TEMP C:\Users\mateu_000\AppData\Local\Avg C:\Users\mateu_000\AppData\Local\Google\Chrome C:\Users\mateu_000\AppData\Roaming\AVG C:\Users\mateu_000\Downloads\*(*)-dp*.exe Reg: reg delete HKCU\Software\Google\Chrome /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SaiMfd /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v ProfilerU /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v XboxStat /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-2769995749-3454007108-333519029-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-2769995749-3454007108-333519029-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found. "HKU\S-1-5-21-2769995749-3454007108-333519029-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully. "HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found. "HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully. "HKU\S-1-5-21-2769995749-3454007108-333519029-1001\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully. C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found. LMIRfsClientNP => Service deleted successfully. TBPanel => Service deleted successfully. AODDriver4.2.0 => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{143BB45B-8C04-4FBD-9774-78A7B6300670}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143BB45B-8C04-4FBD-9774-78A7B6300670}" => Key deleted successfully. C:\Windows\System32\Tasks\{76127E5C-95AD-4DDA-BAD9-CA36E07260BC} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76127E5C-95AD-4DDA-BAD9-CA36E07260BC}" => Key deleted successfully. C:\Program Files (x86)\BuiyNssave => Moved successfully. "C:\Program Files (x86)\Google\Chrome" => File/Directory not found. C:\ProgramData\AVG => Moved successfully. C:\ProgramData\bajnlhgjdokojnhcbpcgdfodnllmgbcd => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\Users\mateu_000\AppData\Local\Avg => Moved successfully. "C:\Users\mateu_000\AppData\Local\Google\Chrome" => File/Directory not found. C:\Users\mateu_000\AppData\Roaming\AVG => Moved successfully. C:\Users\mateu_000\Downloads\*(*)-dp*.exe => Moved successfully. ========= reg delete HKCU\Software\Google\Chrome /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SaiMfd /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v ProfilerU /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v XboxStat /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 103.3 MB temporary data. The system needed a reboot. ==== End of Fixlog ====