Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Mistgun at 2015-02-13 01:10:10 Run:1
Running from C:\Users\Mistgun\Downloads
Loaded Profiles: Mistgun (Available profiles: Mistgun)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
SearchScopes: HKU\S-1-5-21-2928405230-1758367624-1279515289-1000 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
Toolbar: HKU\S-1-5-21-2928405230-1758367624-1279515289-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2928405230-1758367624-1279515289-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [Not Found]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {0B530EAE-70AD-4FC2-AE43-5DEC729AD2FD} - System32\Tasks\{7C4EE3A1-2CD4-4F14-88B7-F01E56722164} => pcalua.exe -a C:\Users\Mistgun\Downloads\gothic1_playerkit-1.08k.exe -d C:\Users\Mistgun\Downloads
Task: {18D4C05A-4115-47BA-A290-DA8C64BA094C} - System32\Tasks\{469698B5-584E-4069-8A9D-5A1C68FD4F3E} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VSIXInstaller.exe" -c "C:\Users\Mistgun\Downloads\ThemeManagerPackage (1).vsix"
Task: {9B106A34-8F07-4C4F-9B6C-7C8267241F59} - System32\Tasks\{C63BDC66-300F-46CD-AC86-7D5D6BF1479F} => pcalua.exe -a "C:\Program Files (x86)\Piranha Bytes\Materiały Dodatkowe\gothic1_playerkit-1.08k.exe"
Task: {D5638E5A-A6B1-46C4-8AE4-4E9B8E51C144} - System32\Tasks\{1FAA09E0-1779-4648-9724-269067EC6686} => pcalua.exe -a C:\Users\Mistgun\Downloads\chromeinstall-7u60.exe -d C:\Users\Mistgun\Downloads
C:\Program Files (x86)\36bd3391.tmp
C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602.rar
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
C:\Users\Mistgun\AppData\Roaming\IHlpr
C:\Users\Mistgun\Downloads\bankerfix.exe
C:\Users\Mistgun\Downloads\plugincontainer.bak
C:\Users\Mistgun\Downloads\Niepotwierdzony*.crdownload
C:\Windows\msdownld.tmp
C:\Windows\pss\genesis_08132043.lnk.Startup
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Mistgun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^genesis_08132043.lnk" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NetLimiter" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f
EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
"HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{szukaj.gazeta.pl}" => Key deleted successfully.
HKCR\CLSID\{szukaj.gazeta.pl} => Key not found.
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value could not be deleted.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value could not be deleted.
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value could not be deleted.
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value could not be deleted.
HKU\S-1-5-21-2928405230-1758367624-1279515289-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value could not be deleted.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key could not be deleted. Access denied.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja" => Key deleted successfully.
FairplayKD => Service stopped successfully.
FairplayKD => Service deleted successfully.
NLNdisMP => Service deleted successfully.
NLNdisPT => Service deleted successfully.
xhunter1 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B530EAE-70AD-4FC2-AE43-5DEC729AD2FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B530EAE-70AD-4FC2-AE43-5DEC729AD2FD}" => Key deleted successfully.
Could not move "C:\Windows\System32\Tasks\{7C4EE3A1-2CD4-4F14-88B7-F01E56722164}" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C4EE3A1-2CD4-4F14-88B7-F01E56722164}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18D4C05A-4115-47BA-A290-DA8C64BA094C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D4C05A-4115-47BA-A290-DA8C64BA094C}" => Key deleted successfully.
Could not move "C:\Windows\System32\Tasks\{469698B5-584E-4069-8A9D-5A1C68FD4F3E}" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{469698B5-584E-4069-8A9D-5A1C68FD4F3E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B106A34-8F07-4C4F-9B6C-7C8267241F59}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B106A34-8F07-4C4F-9B6C-7C8267241F59}" => Key deleted successfully.
Could not move "C:\Windows\System32\Tasks\{C63BDC66-300F-46CD-AC86-7D5D6BF1479F}" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C63BDC66-300F-46CD-AC86-7D5D6BF1479F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5638E5A-A6B1-46C4-8AE4-4E9B8E51C144}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5638E5A-A6B1-46C4-8AE4-4E9B8E51C144}" => Key deleted successfully.
Could not move "C:\Windows\System32\Tasks\{1FAA09E0-1779-4648-9724-269067EC6686}" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1FAA09E0-1779-4648-9724-269067EC6686}" => Key deleted successfully.
C:\Program Files (x86)\36bd3391.tmp => Moved successfully.
"C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602" => File/Directory not found.
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602.rar => Moved successfully.
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 => Moved successfully.
C:\Users\Mistgun\AppData\Roaming\IHlpr => Moved successfully.
C:\Users\Mistgun\Downloads\bankerfix.exe => Moved successfully.
C:\Users\Mistgun\Downloads\plugincontainer.bak => Moved successfully.
C:\Users\Mistgun\Downloads\Niepotwierdzony*.crdownload => Moved successfully.
"C:\Windows\msdownld.tmp" directory move:
Could not move "C:\Windows\msdownld.tmp" directory. => Scheduled to move on reboot.
Could not move "C:\Windows\pss\genesis_08132043.lnk.Startup" => Scheduled to move on reboot.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Mistgun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^genesis_08132043.lnk" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NetLimiter" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 5.2 GB temporary data.