Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015 Ran by Ludmiła at 2015-01-12 17:25:39 Run:1 Running from C:\Users\Ludmiła\Downloads Loaded Profiles: UpdatusUser & bumida & Ludmiła (Available profiles: UpdatusUser & bumida & Dariusz & Ludmiła & Gość) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: R2 Update Dynamo Combo; C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe [529656 2015-01-11] () R2 Util Dynamo Combo; C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe [529656 2015-01-11] () HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe" Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 Startup: C:\Users\bumida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk Startup: C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com SearchScopes: HKU\S-1-5-21-3075525339-4195542920-1684508868-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Dynamo Combo 1.0.0.6 -> {986c37a1-7b65-476f-80dc-54f80bd4b0d6} -> C:\Program Files (x86)\Dynamo Combo\DynamoCombobho.dll No File FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\bumida\AppData\Roaming\Mozilla\Firefox\Profiles\9c9tfpcl.default\extensions\fftoolbar2014@etech.com Task: {98EBF1E7-7363-494F-9198-6F551D58B787} - System32\Tasks\{AF8C45E8-DDA6-45AC-9CFB-0450AC24DFB9} => pcalua.exe -a D:\setup.exe -d D:\ Task: {CF5002B4-56DB-4640-BDC8-4468C847ACA7} - System32\Tasks\avastBCLRestartS-1-5-21-3075525339-4195542920-1684508868-1002 => Firefox.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" C:\Program Files (x86)\Mozilla Firefox\extensions C:\Program Files (x86)\Mozilla Firefox\plugins C:\Program Files (x86)\Dynamo Combo C:\Program Files (x86)\XTab C:\ProgramData\McAfee C:\Users\bumida\AppData\Roaming\Dropbox C:\Users\bumida\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk C:\Users\bumida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox C:\Users\bumida\Downloads\*(*)-dp*.exe C:\Users\bumida\Links\Dropbox.lnk C:\Users\Dariusz\AppData\Roaming\Dropbox C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox C:\Users\Dariusz\Links\Dropbox.lnk C:\Users\Dariusz\Desktop\Dropbox.lnk C:\Users\Dariusz\Desktop\Z PULPITU\McAfee LiveSafe – Internet Security.lnk Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B1B1377-758A-4FA7-9AC9-B81AAC31856D}" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1B1B1377-758A-4FA7-9AC9-B81AAC31856D}" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. Update Dynamo Combo => Unable to stop service Update Dynamo Combo => Service deleted successfully. Util Dynamo Combo => Unable to stop service Util Dynamo Combo => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence => value deleted successfully. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. C:\Users\bumida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully. C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => Key deleted successfully. HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => Key deleted successfully. HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => Key deleted successfully. HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => Key deleted successfully. HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => Key deleted successfully. HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => Key deleted successfully. HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => Key deleted successfully. HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => Key deleted successfully. HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-3075525339-4195542920-1684508868-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986c37a1-7b65-476f-80dc-54f80bd4b0d6}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{986c37a1-7b65-476f-80dc-54f80bd4b0d6}" => Key deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98EBF1E7-7363-494F-9198-6F551D58B787}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98EBF1E7-7363-494F-9198-6F551D58B787}" => Key deleted successfully. C:\Windows\System32\Tasks\{AF8C45E8-DDA6-45AC-9CFB-0450AC24DFB9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF8C45E8-DDA6-45AC-9CFB-0450AC24DFB9}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF5002B4-56DB-4640-BDC8-4468C847ACA7} => Key not found. C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3075525339-4195542920-1684508868-1002 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-3075525339-4195542920-1684508868-1002" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\Program Files (x86)\Dynamo Combo => Moved successfully. C:\Program Files (x86)\XTab => Moved successfully. C:\ProgramData\McAfee => Moved successfully. C:\Users\bumida\AppData\Roaming\Dropbox => Moved successfully. C:\Users\bumida\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk => Moved successfully. C:\Users\bumida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox => Moved successfully. C:\Users\bumida\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\bumida\Links\Dropbox.lnk => Moved successfully. C:\Users\Dariusz\AppData\Roaming\Dropbox => Moved successfully. C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk => Moved successfully. C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox => Moved successfully. C:\Users\Dariusz\Links\Dropbox.lnk => Moved successfully. C:\Users\Dariusz\Desktop\Dropbox.lnk => Moved successfully. C:\Users\Dariusz\Desktop\Z PULPITU\McAfee LiveSafe – Internet Security.lnk => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B1B1377-758A-4FA7-9AC9-B81AAC31856D}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1B1B1377-758A-4FA7-9AC9-B81AAC31856D}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 685.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:26:47 ====