Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01 Ran by Tomasz at 2014-12-15 17:20:47 Run:5 Running from C:\Users\Tomasz\Desktop\Download Loaded Profile: Tomasz (Available profiles: Tomasz) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** CloseProcesses: S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed] S3 StarOpen; No ImagePath S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X] S3 cpuz134; \??\C:\Users\Tomasz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] Task: {A7BA112B-32CA-426A-AFAF-03FE2DB9A9B9} - System32\Tasks\{5F3E0490-7D36-4EE5-9874-8F6B63A16F2F} => pcalua.exe -a C:\Users\Tomasz\Downloads\wmp11-windowsxp-x86-PL-PL.exe -d C:\Users\Tomasz\Downloads Task: {D2B2E1F9-2835-45B6-9845-4D63C93E98DB} - System32\Tasks\{308914FC-20A1-405D-9697-BA8E5F547294} => pcalua.exe -a "C:\Program Files (x86)\City Interactive\Art of Murder - The Secret Files\MystSetupVideo.exe" -d "C:\Program Files (x86)\City Interactive\Art of Murder - The Secret Files" ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141213 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141213 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-982444412-3476734116-3304893916-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141213 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\PopCap Games C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games C:\ProgramData\PopCap Games C:\ProgramData\TEMP C:\ProgramData\Trymedia C:\Users\Tomasz\AppData\Roaming\VSRevoGroup\RevoUninstaller\ADAU\McAfee Security Scan Plus.lnk C:\Windows\system32\Drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys C:\Windows\SysWOW64\DRIVERS\ASPI32.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. ASPI => Service deleted successfully. StarOpen => Service deleted successfully. ccnfd_1_10_0_4 => Service deleted successfully. cpuz134 => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7BA112B-32CA-426A-AFAF-03FE2DB9A9B9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7BA112B-32CA-426A-AFAF-03FE2DB9A9B9}" => Key deleted successfully. C:\Windows\System32\Tasks\{5F3E0490-7D36-4EE5-9874-8F6B63A16F2F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F3E0490-7D36-4EE5-9874-8F6B63A16F2F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2B2E1F9-2835-45B6-9845-4D63C93E98DB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2B2E1F9-2835-45B6-9845-4D63C93E98DB}" => Key deleted successfully. C:\Windows\System32\Tasks\{308914FC-20A1-405D-9697-BA8E5F547294} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{308914FC-20A1-405D-9697-BA8E5F547294}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully. "HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully. "HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully. "HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully. "HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-982444412-3476734116-3304893916-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. C:\Program Files (x86)\PopCap Games => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games => Moved successfully. C:\ProgramData\PopCap Games => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\Trymedia => Moved successfully. C:\Users\Tomasz\AppData\Roaming\VSRevoGroup\RevoUninstaller\ADAU\McAfee Security Scan Plus.lnk => Moved successfully. C:\Windows\system32\Drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys => Moved successfully. C:\Windows\SysWOW64\DRIVERS\ASPI32.sys => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 584.5 MB temporary data. The system needed a reboot. ==== End of Fixlog ====