Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015 Ran by pc at 2015-02-14 12:45:36 Run:1 Running from C:\Users\pc\Desktop\FRST Loaded Profiles: pc (Available profiles: pc) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-1372833441-2193563211-3988756166-1000\...\Run: [System Network Service] => C:\Users\pc\AppData\Roaming\System32\svchost.exe [951808 2015-02-13] () HKLM\...\RunOnce: [] => [X] GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com SearchScopes: HKU\S-1-5-21-1372833441-2193563211-3988756166-1000 -> {201C0670-22C5-49D4-A624-980FC9D5E537} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} SearchScopes: HKU\S-1-5-21-1372833441-2193563211-3988756166-1000 -> {80F6F76F-0EAB-4252-B8F8-E7048BB9CA69} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF Plugin HKU\S-1-5-21-1372833441-2193563211-3988756166-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext CustomCLSID: HKU\S-1-5-21-1372833441-2193563211-3988756166-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File Task: {1027F3B3-B482-404F-AD66-97FD3081C714} - System32\Tasks\{16F19419-BDF5-4205-910E-B26C657FE8D3} => pcalua.exe -a "D:\Krzysiek\Pro Evolution Soccer 6 Rip\mk_icon.exe" -d "D:\Krzysiek\Pro Evolution Soccer 6 Rip" Task: {1D0FF6CA-40C5-49E0-B109-2D69F8079973} - System32\Tasks\{BE4E6A6A-D62C-4CFD-8FEF-78DCC89BA5AF} => Firefox.exe http://www.skype.com/go/downloading?source=installer&ver=6.21.0.104&LastError=-9 Task: {1D21BF83-B113-4382-901F-DF96E14161C6} - System32\Tasks\{37F93DC3-1B39-42B1-9684-F18FE4DAC368} => D:\Program Files\League of Legends\lol.launcher.exe Task: {213F8B95-109A-4DC1-A247-4A43C177DAF9} - System32\Tasks\{F5330131-01A0-4EB4-B150-C3187F4DC08F} => pcalua.exe -a "D:\Program Files\Fifa\FIFA 13\__Installer\dotnet\dotnet35sp1\redist\dotnetfx35.exe" -d "D:\Program Files\Fifa\FIFA 13\__Installer\dotnet\dotnet35sp1\redist" Task: {6588244E-C1B3-4E14-9AAD-9ABC28C6C318} - System32\Tasks\{F545566E-0B9E-4C58-89E5-0298AC9115BC} => pcalua.exe -a "D:\Program Files\ChomikPobrane\TS3\Sims3Setup.exe" -d "D:\Program Files\ChomikPobrane\TS3" Task: {8637FB7A-B1E2-4A3D-AE02-7BB19B11D1E7} - System32\Tasks\{2262BF40-438D-487D-92CC-8DCE99AC122A} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/pl/abandoninstall?page=tsProgressBar Task: {8D5B46C0-94F8-49F3-B1DA-97B9063E563A} - System32\Tasks\{CD39F1EF-522C-42E3-A7EB-4C01A9341F47} => pcalua.exe -a "D:\Program Files\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all Task: {8F3E7E2B-A8F3-49BA-B3B7-33925E73E07F} - 
System32\Tasks\{0B66048D-05F0-403A-B669-6C81850D79D5} => pcalua.exe -a "D:\Program Files\ChomikPobrane\The SIMS 4-Deluxe Edition-SKIDROWCRACK\__Installer\vp6\vp6install.exe" -d "D:\Program Files\ChomikPobrane\The SIMS 4-Deluxe Edition-SKIDROWCRACK\__Installer\vp6" Task: {A2E78A3B-DF0B-458F-BD68-AA844D2E568B} - System32\Tasks\{DE63A1EA-2FF9-456B-A5D1-358758DBEE1E} => pcalua.exe -a "D:\Program Files\ChomikPobrane\The Sims 3 Island Paradise [MULTI5][PCDVD][P2P][WwW.GamesTorrents.CoM]\p2p-ts3ip\p2p-ts3ip\Sims3EP10\Sims3EP10Setup.exe" -d "D:\Program Files\ChomikPobrane\The Sims 3 Island Paradise [MULTI5][PCDVD][P2P][WwW.GamesTorrents.CoM]\p2p-ts3ip\p2p-ts3ip\Sims3EP10" Task: {B4D6F6C8-FC70-4DB9-A32D-EF16A32891A6} - System32\Tasks\{6FEECA60-B62A-413A-9420-6BC41F26D296} => pcalua.exe -a "D:\Program Files\Nowy folder (2)\autorun.exe" -d "D:\Program Files\Nowy folder (2)" Task: {CF8F35BE-D640-4ED7-86C0-BC61484D5C58} - System32\Tasks\{EC9F7AAC-D590-46EE-A15E-D87F2D577209} => pcalua.exe -a "D:\Krzysiek\Simsy dodatki\1\Sims3EP01Setup.exe" -d "D:\Krzysiek\Simsy dodatki\1" Task: {E812B9F9-6B0C-47EA-A59D-EE7F4CA4C50C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => D:\PROGRA~1\TERRAR~1.2CR\AdAwareLauncher.exe Task: {E9F0B250-A273-4066-909A-99188D16B028} - \SpyHunter4Startup No Task File <==== ATTENTION R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-15] (GFI Software) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X] S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] C:\user.js C:\ProgramData\IObit\Game Booster 3\BackLnk\*.lnk C:\Users\pc\AppData\Roaming\Microsoft\Windows\SendTo\Xfire Friend.lnk C:\Users\pc\AppData\Roaming\System32 C:\Windows\System32\drivers\gfibto.sys D:\msdownld.tmp G:\Nowy folder.exe G:\Pola.exe CMD: 
attrib /d /s -s -h G:\* Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKU\S-1-5-21-1372833441-2193563211-3988756166-1000\Software\Microsoft\Windows\CurrentVersion\Run\\System Network Service => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. "HKU\S-1-5-21-1372833441-2193563211-3988756166-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{201C0670-22C5-49D4-A624-980FC9D5E537}" => Key deleted successfully. HKCR\CLSID\{201C0670-22C5-49D4-A624-980FC9D5E537} => Key not found. "HKU\S-1-5-21-1372833441-2193563211-3988756166-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80F6F76F-0EAB-4252-B8F8-E7048BB9CA69}" => Key deleted successfully. HKCR\CLSID\{80F6F76F-0EAB-4252-B8F8-E7048BB9CA69} => Key not found. "HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully. "HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1" => Key deleted successfully. 
C:\Program Files\Yahoo!\Common\npyaxmpb.dll => Moved successfully. "HKU\S-1-5-21-1372833441-2193563211-3988756166-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully. C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found. HKLM\Software\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value deleted successfully. "HKU\S-1-5-21-1372833441-2193563211-3988756166-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1027F3B3-B482-404F-AD66-97FD3081C714}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1027F3B3-B482-404F-AD66-97FD3081C714}" => Key deleted successfully. C:\Windows\System32\Tasks\{16F19419-BDF5-4205-910E-B26C657FE8D3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{16F19419-BDF5-4205-910E-B26C657FE8D3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D0FF6CA-40C5-49E0-B109-2D69F8079973}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D0FF6CA-40C5-49E0-B109-2D69F8079973}" => Key deleted successfully. C:\Windows\System32\Tasks\{BE4E6A6A-D62C-4CFD-8FEF-78DCC89BA5AF} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BE4E6A6A-D62C-4CFD-8FEF-78DCC89BA5AF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D21BF83-B113-4382-901F-DF96E14161C6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D21BF83-B113-4382-901F-DF96E14161C6}" => Key deleted successfully. C:\Windows\System32\Tasks\{37F93DC3-1B39-42B1-9684-F18FE4DAC368} => Moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37F93DC3-1B39-42B1-9684-F18FE4DAC368}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{213F8B95-109A-4DC1-A247-4A43C177DAF9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213F8B95-109A-4DC1-A247-4A43C177DAF9}" => Key deleted successfully. C:\Windows\System32\Tasks\{F5330131-01A0-4EB4-B150-C3187F4DC08F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F5330131-01A0-4EB4-B150-C3187F4DC08F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6588244E-C1B3-4E14-9AAD-9ABC28C6C318}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6588244E-C1B3-4E14-9AAD-9ABC28C6C318}" => Key deleted successfully. C:\Windows\System32\Tasks\{F545566E-0B9E-4C58-89E5-0298AC9115BC} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F545566E-0B9E-4C58-89E5-0298AC9115BC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8637FB7A-B1E2-4A3D-AE02-7BB19B11D1E7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8637FB7A-B1E2-4A3D-AE02-7BB19B11D1E7}" => Key deleted successfully. C:\Windows\System32\Tasks\{2262BF40-438D-487D-92CC-8DCE99AC122A} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2262BF40-438D-487D-92CC-8DCE99AC122A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D5B46C0-94F8-49F3-B1DA-97B9063E563A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D5B46C0-94F8-49F3-B1DA-97B9063E563A}" => Key deleted successfully. 
C:\Windows\System32\Tasks\{CD39F1EF-522C-42E3-A7EB-4C01A9341F47} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD39F1EF-522C-42E3-A7EB-4C01A9341F47}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F3E7E2B-A8F3-49BA-B3B7-33925E73E07F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F3E7E2B-A8F3-49BA-B3B7-33925E73E07F}" => Key deleted successfully. C:\Windows\System32\Tasks\{0B66048D-05F0-403A-B669-6C81850D79D5} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B66048D-05F0-403A-B669-6C81850D79D5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2E78A3B-DF0B-458F-BD68-AA844D2E568B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2E78A3B-DF0B-458F-BD68-AA844D2E568B}" => Key deleted successfully. C:\Windows\System32\Tasks\{DE63A1EA-2FF9-456B-A5D1-358758DBEE1E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE63A1EA-2FF9-456B-A5D1-358758DBEE1E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4D6F6C8-FC70-4DB9-A32D-EF16A32891A6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4D6F6C8-FC70-4DB9-A32D-EF16A32891A6}" => Key deleted successfully. C:\Windows\System32\Tasks\{6FEECA60-B62A-413A-9420-6BC41F26D296} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FEECA60-B62A-413A-9420-6BC41F26D296}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF8F35BE-D640-4ED7-86C0-BC61484D5C58}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF8F35BE-D640-4ED7-86C0-BC61484D5C58}" => Key deleted successfully. C:\Windows\System32\Tasks\{EC9F7AAC-D590-46EE-A15E-D87F2D577209} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC9F7AAC-D590-46EE-A15E-D87F2D577209}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E812B9F9-6B0C-47EA-A59D-EE7F4CA4C50C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E812B9F9-6B0C-47EA-A59D-EE7F4CA4C50C}" => Key deleted successfully. C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9F0B250-A273-4066-909A-99188D16B028} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found. gfibto => Service stopped successfully. gfibto => Service deleted successfully. EagleXNt => Service deleted successfully. esgiguard => Service deleted successfully. EsgScanner => Service deleted successfully. iSafeKrnlBoot => Service not found. vtany => Service deleted successfully. xhunter1 => Service deleted successfully. C:\user.js => Moved successfully. "C:\ProgramData\IObit\Game Booster 3\BackLnk\*.lnk" => File/Directory not found. C:\Users\pc\AppData\Roaming\Microsoft\Windows\SendTo\Xfire Friend.lnk => Moved successfully. C:\Users\pc\AppData\Roaming\System32 => Moved successfully. C:\Windows\System32\drivers\gfibto.sys => Moved successfully. D:\msdownld.tmp => Moved successfully. G:\Nowy folder.exe => Moved successfully. G:\Pola.exe => Moved successfully. 
========= attrib /d /s -s -h G:\* ========= ========= End of CMD: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= EmptyTemp: => Removed 2.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 12:46:31 ====