Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015 Ran by JA at 2015-02-02 17:12:38 Run:2 Running from D:\Documents and Settings\JA\Pulpit Loaded Profiles: JA (Available profiles: JA & Administrator) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** HKU\S-1-5-21-682003330-299502267-839522115-1004\...\Run: [] => [X] HKU\S-1-5-21-682003330-299502267-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-682003330-299502267-839522115-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mail.ru/cnt/7227 SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm073^YYA^pl&si=pconvIE&ptb=813D1524-F357-4CB4-83B6-AB77E8A757F0&ind=2014030807&n=780babd7&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-682003330-299502267-839522115-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-682003330-299502267-839522115-1004 -> {CB4863DE-77C2-4F48-A517-7B88FB3E33DE} URL = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms} SearchScopes: HKU\S-1-5-21-682003330-299502267-839522115-1004 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm073^YYA^pl&si=pconvIE&ptb=813D1524-F357-4CB4-83B6-AB77E8A757F0&ind=2014030807&n=780babd7&psa=&st=sb&searchfor={searchTerms} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension S3 ctdvda2k; System32\drivers\ctdvda2k.sys [X] S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X] S3 kxwdmdrv; system32\drivers\kx.sys [X] Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GEST" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f EmptyTemp: ***************** HKU\S-1-5-21-682003330-299502267-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-682003330-299502267-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-682003330-299502267-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}" => Key deleted successfully. HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found. "HKU\S-1-5-21-682003330-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-682003330-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB4863DE-77C2-4F48-A517-7B88FB3E33DE}" => Key deleted successfully. HKCR\CLSID\{CB4863DE-77C2-4F48-A517-7B88FB3E33DE} => Key not found. "HKU\S-1-5-21-682003330-299502267-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}" => Key deleted successfully. HKCR\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => Key not found. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ctdvda2k => Service deleted successfully. HDAudBus => Service deleted successfully. kxwdmdrv => Service deleted successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GEST" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 752.2 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:13:41 ====