Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by Piotr at 2015-01-14 15:47:10 Run:1
Running from C:\Users\Piotr\Desktop\FRST SCAN
Loaded Profile: Piotr (Available profiles: Piotr)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [52000 2014-12-10] (AVG Technologies)
S3 ESEADriver2; \??\C:\Users\Piotr\AppData\Local\Temp\ESEADriver2.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
Task: {B826C484-7167-4853-B610-7EEAF216AB67} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {FBA01B11-01F9-407A-BAC9-5074AF1BE69D} - System32\Tasks\{97B03FBE-D0F5-4766-B183-1313C2693D94} => pcalua.exe -a C:\Users\Piotr\Downloads\sp63774.exe -d C:\Users\Piotr\Downloads
HKU\S-1-5-21-527691540-3220147683-2269217384-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Piotr\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-527691540-3220147683-2269217384-1001\...\Winlogon: [Shell] C:\Users\Piotr\AppData\Local\Temp\dwn\dwn.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Call of Duty - Advanced Warfare\Play Call of Duty - Advanced Warfare.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Forest\The Forest.lnk
C:\Users\Public\Desktop\AVG Konserwacja 1 kliknięciem.lnk
C:\WINDOWS\system32\drivers\avgtpx64.sys
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v vProt /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
avgtp => Unable to stop service
avgtp => Service deleted successfully.
ESEADriver2 => Service deleted successfully.
TuneUpUtilitiesDrv => Service deleted successfully.
xhunter1 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B826C484-7167-4853-B610-7EEAF216AB67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B826C484-7167-4853-B610-7EEAF216AB67}" => Key deleted successfully.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBA01B11-01F9-407A-BAC9-5074AF1BE69D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBA01B11-01F9-407A-BAC9-5074AF1BE69D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{97B03FBE-D0F5-4766-B183-1313C2693D94} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97B03FBE-D0F5-4766-B183-1313C2693D94}" => Key deleted successfully.
HKU\S-1-5-21-527691540-3220147683-2269217384-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
HKU\S-1-5-21-527691540-3220147683-2269217384-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Call of Duty - Advanced Warfare\Play Call of Duty - Advanced Warfare.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Forest\The Forest.lnk => Moved successfully.
"C:\Users\Public\Desktop\AVG Konserwacja 1 kliknięciem.lnk" => File/Directory not found.
C:\WINDOWS\system32\drivers\avgtpx64.sys => Moved successfully.

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v vProt /f =========
Operacja ukoäczona pomy˜lnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukoäczona pomy˜lnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukoäczona pomy˜lnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukoäczona pomy˜lnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukoäczona pomy˜lnie.
========= End of Reg: =========

EmptyTemp: => Removed 395.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:47:54 ====