Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015 Ran by Przemek at 2015-02-06 19:57:41 Run:2 Running from C:\Users\Przemek\Downloads Loaded Profiles: Przemek (Available profiles: Przemek) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S3 GPU-Z; \??\C:\Users\Przemek\AppData\Local\Temp\GPU-Z.sys [X] HKU\S-1-5-21-744382610-1142984750-2440805673-1000\...\Policies\Explorer: [] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Przemek\AppData\Roaming\BabSolution\CR\bueno.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-13] Task: {6CFC6EA0-A64D-46F7-8343-A1038C23C4AA} - \EPUpdater No Task File <==== ATTENTION Task: {8D16774F-EF9B-49C7-9B50-8EFCEC001CDC} - System32\Tasks\{06714CF0-D966-4247-9BC5-E237E4AF380B} => pcalua.exe -a F:\cpydraw.EXE -d F:\ Task: {97CC479C-399D-4C17-B592-3B4EF8BFF31D} - System32\Tasks\{6E1D5C5F-FEDB-4351-9B67-7420A8C754A7} => pcalua.exe -a "C:\Users\Przemek\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe" -c /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" Task: {A6204100-F70C-4B7A-AD23-6D98B43C5FE9} - System32\Tasks\{0EF9ABC1-4606-4029-9A39-629EFD7D09A9} => pcalua.exe -a C:\Programy\Impact3_5-2011\installer_adobe_svg_viewer.exe -d C:\Programy\Impact3_5-2011 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapido C:\ProgramData\TEMP C:\Users\Przemek\AppData\Local\{3ED2504F-6BCF-43A1-832C-40E5F5F5D001} C:\Users\Przemek\AppData\Local\Akamai C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\Przemek\AppData\Roaming\WebTest C:\Users\Przemek\Desktop\Programy\AVG 2014.lnk C:\Users\Przemek\Downloads\SoftonicDownloader_for_*.exe Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f CMD: ipconfig /flushdns CMD: sc config "Internet Manager. RunOuc" start= disabled EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. GPU-Z => Service deleted successfully. HKU\S-1-5-21-744382610-1142984750-2440805673-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => Key deleted successfully. C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CFC6EA0-A64D-46F7-8343-A1038C23C4AA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CFC6EA0-A64D-46F7-8343-A1038C23C4AA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D16774F-EF9B-49C7-9B50-8EFCEC001CDC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D16774F-EF9B-49C7-9B50-8EFCEC001CDC}" => Key deleted successfully. C:\Windows\System32\Tasks\{06714CF0-D966-4247-9BC5-E237E4AF380B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06714CF0-D966-4247-9BC5-E237E4AF380B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97CC479C-399D-4C17-B592-3B4EF8BFF31D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97CC479C-399D-4C17-B592-3B4EF8BFF31D}" => Key deleted successfully. C:\Windows\System32\Tasks\{6E1D5C5F-FEDB-4351-9B67-7420A8C754A7} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6E1D5C5F-FEDB-4351-9B67-7420A8C754A7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6204100-F70C-4B7A-AD23-6D98B43C5FE9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6204100-F70C-4B7A-AD23-6D98B43C5FE9}" => Key deleted successfully. C:\Windows\System32\Tasks\{0EF9ABC1-4606-4029-9A39-629EFD7D09A9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EF9ABC1-4606-4029-9A39-629EFD7D09A9}" => Key deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapido => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\Users\Przemek\AppData\Local\{3ED2504F-6BCF-43A1-832C-40E5F5F5D001} => Moved successfully. "C:\Users\Przemek\AppData\Local\Akamai" => File/Directory not found. C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\Przemek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\Przemek\AppData\Roaming\WebTest => Moved successfully. C:\Users\Przemek\Desktop\Programy\AVG 2014.lnk => Moved successfully. C:\Users\Przemek\Downloads\SoftonicDownloader_for_*.exe => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomy˜lnie opr¢¾niono pami©† podr©czn¥ programu rozpoznawania nazw DNS. ========= End of CMD: ========= ========= sc config "Internet Manager. RunOuc" start= disabled ========= [SC] ChangeServiceConfig SUKCES ========= End of CMD: ========= EmptyTemp: => Removed 471.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 19:59:02 ====