Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2014 01 Ran by Jacek at 2014-12-16 11:51:09 Run:1 Running from C:\Users\Jacek\Desktop\pliki2 Loaded Profile: Jacek (Available profiles: Jacek) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: S3 KiesAllShare; C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAzAD (the data entry has 389 more characters). HKU\S-1-5-21-2949696853-1657588460-2157650677-1000\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe HKU\S-1-5-21-2949696853-1657588460-2157650677-1000\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com Toolbar: HKU\S-1-5-21-2949696853-1657588460-2157650677-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File CustomCLSID: HKU\S-1-5-21-2949696853-1657588460-2157650677-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File Task: {2CFE622C-78CB-42BA-9AFA-3F523FD10574} - System32\Tasks\{5D163F9D-DF21-4637-A980-B3D16EBF2021} => pcalua.exe -a "C:\Program Files\RCP\unins000.exe" CHR StartupUrls: Default -> "hxxp://myhome.vi-view.com/?type=hp&ts=1418161647&from=cor&uid=HitachiXHTS545050B9A300_090823PB4406Q7C415EAX" C:\Users\Jacek\Downloads\*(*)-dp*.exe Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKLM\SOFTWARE\Mozilla\Firefox /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. KiesAllShare => Service deleted successfully. dgderdrv => Service deleted successfully. EagleNT => Service deleted successfully. EagleXNt => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAzAD (the data entry has 389 more characters). => Value not found. HKU\S-1-5-21-2949696853-1657588460-2157650677-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent => value deleted successfully. HKU\S-1-5-21-2949696853-1657588460-2157650677-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GameXN GO => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-2949696853-1657588460-2157650677-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully. "HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found. "HKU\S-1-5-21-2949696853-1657588460-2157650677-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFE622C-78CB-42BA-9AFA-3F523FD10574}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFE622C-78CB-42BA-9AFA-3F523FD10574}" => Key deleted successfully. C:\Windows\System32\Tasks\{5D163F9D-DF21-4637-A980-B3D16EBF2021} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D163F9D-DF21-4637-A980-B3D16EBF2021}" => Key deleted successfully. Chrome StartupUrls deleted successfully. C:\Users\Jacek\Downloads\*(*)-dp*.exe => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla\Firefox /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 16.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====