Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01 Ran by Berta at 2015-01-14 21:32:07 Run:1 Running from C:\Users\Berta\Downloads Loaded Profiles: Berta (Available profiles: Berta) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/28&hid=1768654365&lg=EN&cc=PL&unqvl=16 SearchScopes: HKU\S-1-5-21-1194177866-3309166739-1519727253-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C1574DE2B87FF26&affID=119357&tt=160713_91114&tsp=4946 SearchScopes: HKU\S-1-5-21-1194177866-3309166739-1519727253-1002 -> {E47533BC-0DE5-4132-941E-40CB951B4169} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^PL&gct=&itbv=12.21.0.114&apn_uid=1651BE8E-6D7F-41EC-AB11-3C620466E3E4&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^PL&apn_dbr=ie_11.0.9600.17496&doi=2014-12-12&trgb=IE&q={searchTerms}&psv=&pt=tb BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: Super Lyrics -> {B9020890-9E08-446B-87B0-0C5CD0436D86} -> C:\Program Files (x86)\Super_Lyrics\116.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml C:\Program Files (x86)\mozilla firefox\plugins Task: {4996E31B-3608-4E40-857D-B0E33301C72A} - System32\Tasks\{0FD24AFF-7715-4A45-A791-A5C4A7C3CBDE} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe Task: {7EB54BB1-FFC0-4170-B2F4-151B55AA3A73} - System32\Tasks\{8F83EEAD-3D28-4445-AC2E-04A0ABE64CBD} => pcalua.exe -a E:\setup.exe -d E:\ Task: {8551B7BE-83D2-4C39-8A07-87A28FD354C2} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: {9E7DCF22-9B7F-4DCC-A19F-2734C696C354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12] (Google Inc.) Task: {AC5C4D70-EC1A-4257-888A-194486F97F97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12] (Google Inc.) Task: {CE18AB16-2E91-45E1-A5DF-A5165D9AB334} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{920094DA-2B12-473B-8F3E-CBDBE84D5568}.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{920094DA-2B12-473B-8F3E-CBDBE84D5568}.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml C:\Program Files (x86)\Google C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter C:\Users\Berta\AppData\Roaming\ASUS WebStorage C:\Users\Berta\AppData\Roaming\Babylon C:\Users\Berta\AppData\Roaming\DSite C:\Users\Berta\AppData\Roaming\Gadu-Gadu 10 C:\Users\Berta\AppData\Roaming\OpenCandy C:\Users\Berta\AppData\Roaming\PerformerSoft C:\Users\Berta\AppData\Roaming\Systweak C:\Users\Berta\AppData\Roaming\TP C:\Users\Berta\AppData\Roaming\TuneUp Software C:\Users\Berta\AppData\Roaming\YoWindow C:\Users\Public\Desktop\AsusTools\Entertainment\Game Park Console.lnk C:\Users\Public\Desktop\AsusTools\Network\ASUS WebStorage.lnk C:\Users\Public\Desktop\AsusTools\System tool\Splendid Utility.Lnk C:\Users\Public\Desktop\AsusTools\Word processor\Nuance PDF Reader.lnk C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\APNMCP" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BBSvc" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdate" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdatem" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gusvc" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TiMiniService" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\vToolbarUpdater15.3.0" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Trend Micro Titanium" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VizorHtmlDialog.exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f CMD: sc delete gupdate CMD: sc delete gupdatem CMD: sc delete gusvc CMD: netsh advfirewall reset EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. "HKU\S-1-5-21-1194177866-3309166739-1519727253-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. "HKU\S-1-5-21-1194177866-3309166739-1519727253-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E47533BC-0DE5-4132-941E-40CB951B4169}" => Key deleted successfully. HKCR\CLSID\{E47533BC-0DE5-4132-941E-40CB951B4169} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9020890-9E08-446B-87B0-0C5CD0436D86}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{B9020890-9E08-446B-87B0-0C5CD0436D86}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully. HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Moved successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4996E31B-3608-4E40-857D-B0E33301C72A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4996E31B-3608-4E40-857D-B0E33301C72A}" => Key deleted successfully. C:\Windows\System32\Tasks\{0FD24AFF-7715-4A45-A791-A5C4A7C3CBDE} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FD24AFF-7715-4A45-A791-A5C4A7C3CBDE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EB54BB1-FFC0-4170-B2F4-151B55AA3A73}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EB54BB1-FFC0-4170-B2F4-151B55AA3A73}" => Key deleted successfully. C:\Windows\System32\Tasks\{8F83EEAD-3D28-4445-AC2E-04A0ABE64CBD} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F83EEAD-3D28-4445-AC2E-04A0ABE64CBD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8551B7BE-83D2-4C39-8A07-87A28FD354C2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8551B7BE-83D2-4C39-8A07-87A28FD354C2}" => Key deleted successfully. C:\Windows\System32\Tasks\RegClean Pro => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E7DCF22-9B7F-4DCC-A19F-2734C696C354}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E7DCF22-9B7F-4DCC-A19F-2734C696C354}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC5C4D70-EC1A-4257-888A-194486F97F97}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5C4D70-EC1A-4257-888A-194486F97F97}" => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE18AB16-2E91-45E1-A5DF-A5165D9AB334}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE18AB16-2E91-45E1-A5DF-A5165D9AB334}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => Moved successfully. C:\Program Files (x86)\Google => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter => Moved successfully. C:\Users\Berta\AppData\Roaming\ASUS WebStorage => Moved successfully. C:\Users\Berta\AppData\Roaming\Babylon => Moved successfully. C:\Users\Berta\AppData\Roaming\DSite => Moved successfully. C:\Users\Berta\AppData\Roaming\Gadu-Gadu 10 => Moved successfully. C:\Users\Berta\AppData\Roaming\OpenCandy => Moved successfully. C:\Users\Berta\AppData\Roaming\PerformerSoft => Moved successfully. C:\Users\Berta\AppData\Roaming\Systweak => Moved successfully. C:\Users\Berta\AppData\Roaming\TP => Moved successfully. C:\Users\Berta\AppData\Roaming\TuneUp Software => Moved successfully. C:\Users\Berta\AppData\Roaming\YoWindow => Moved successfully. C:\Users\Public\Desktop\AsusTools\Entertainment\Game Park Console.lnk => Moved successfully. C:\Users\Public\Desktop\AsusTools\Network\ASUS WebStorage.lnk => Moved successfully. C:\Users\Public\Desktop\AsusTools\System tool\Splendid Utility.Lnk => Moved successfully. C:\Users\Public\Desktop\AsusTools\Word processor\Nuance PDF Reader.lnk => Moved successfully. C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\APNMCP" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BBSvc" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdate" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gupdatem" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gusvc" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TiMiniService" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\vToolbarUpdater15.3.0" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Trend Micro Titanium" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VizorHtmlDialog.exe" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= sc delete gupdate ========= [SC] DeleteService SUKCES ========= End of CMD: ========= ========= sc delete gupdatem ========= [SC] DeleteService SUKCES ========= End of CMD: ========= ========= sc delete gusvc ========= [SC] DeleteService SUKCES ========= End of CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => Removed 1.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 21:39:50 ====