Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by Patryk at 2015-02-25 19:38:23 Run:1
Running from C:\Users\Patryk\Downloads
Loaded Profiles: Patryk (Available profiles: Patryk)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R3 Afc; C:\windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
HKU\S-1-5-21-3403392427-2311443338-2248401027-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Task: {195DB492-9718-4807-B72D-583D762D5A5F} - System32\Tasks\{9789D52F-AD84-4C1E-8B2F-3724800B8F1F} => pcalua.exe -a E:\dcim.exe -d E:\
Task: {211398CC-ECBE-4542-AF35-323FC800C0FC} - System32\Tasks\{D78B7B9D-0C7C-4255-B7B3-ED8E65D13B21} => C:\Users\Patryk\Downloads\Deluxe-Ski-Jump-21-Full\DSJ.EXE
Task: {3387CF3C-D2FC-42E3-8A93-A76C8CC0AABB} - System32\Tasks\Digital Sites => C:\Users\Patryk\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {AE23505A-E6D2-4A32-BD77-AA88E2B47AD7} - System32\Tasks\{11CDB7EE-63D0-47F5-AA5F-37533B76A195} => pcalua.exe -a C:\Users\Patryk\Downloads\Flash_Disinfector.exe -d "C:\Program Files\Mozilla Firefox"
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Patryk\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
S3 DIRECTIORM; \??\c:\Program Files\RAMMon\DirectIo32.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
SearchScopes: HKLM -> DefaultScope value is missing.
Toolbar: HKU\S-1-5-21-3403392427-2311443338-2248401027-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
C:\Program Files\mozilla firefox\plugins
C:\ProgramData\044CE38ECF.sys
C:\ProgramData\KGyGaAvL.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Island
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K3DSurf 0.6.2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MfGware
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secret Of Monkey Island 2 LeChuck's Revenge [PL]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
C:\ProgramData\Temp
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk
C:\Users\Patryk\AppData\Local\unzip.exe
C:\Users\Patryk\AppData\Roaming\*.dll
C:\Users\Patryk\AppData\Roaming\LiveUpdate.exe
C:\Users\Patryk\AppData\Roaming\LiveUpdate.ini
C:\Users\Patryk\AppData\Roaming\Microsoft\Office\Niedawny\*.LNK
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader PDF Reader.lnk
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader Uninstall PDF Reader.lnk
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Pakiet JZK
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pakiet JZK
C:\Users\Patryk\Documents\Corel\CorelDRAW X5 Samples\target.lnk
C:\windows\System32\drivers\Afc.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader Packages" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO Internet Security" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EeeStorageBackup" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LivCam" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu" /f
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v LowerFilters /f
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v UpperFilters /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
Afc => Unable to stop service
Afc => Service deleted successfully.
HKU\S-1-5-21-3403392427-2311443338-2248401027-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{195DB492-9718-4807-B72D-583D762D5A5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{195DB492-9718-4807-B72D-583D762D5A5F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9789D52F-AD84-4C1E-8B2F-3724800B8F1F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9789D52F-AD84-4C1E-8B2F-3724800B8F1F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{211398CC-ECBE-4542-AF35-323FC800C0FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{211398CC-ECBE-4542-AF35-323FC800C0FC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D78B7B9D-0C7C-4255-B7B3-ED8E65D13B21} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D78B7B9D-0C7C-4255-B7B3-ED8E65D13B21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3387CF3C-D2FC-42E3-8A93-A76C8CC0AABB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3387CF3C-D2FC-42E3-8A93-A76C8CC0AABB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE23505A-E6D2-4A32-BD77-AA88E2B47AD7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE23505A-E6D2-4A32-BD77-AA88E2B47AD7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{11CDB7EE-63D0-47F5-AA5F-37533B76A195} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11CDB7EE-63D0-47F5-AA5F-37533B76A195}" => Key deleted successfully.
C:\windows\Tasks\Digital Sites.job => Moved successfully.
DIRECTIORM => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
hwdatacard => Service deleted successfully.
hwusbdev => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-3403392427-2311443338-2248401027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Program Files\mozilla firefox\plugins => Moved successfully.
C:\ProgramData\044CE38ECF.sys => Moved successfully.
C:\ProgramData\KGyGaAvL.sys => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Island => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K3DSurf 0.6.2 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MfGware => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secret Of Monkey Island 2 LeChuck's Revenge [PL] => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast => Moved successfully.
C:\ProgramData\Temp => Moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk => Moved successfully.
C:\Users\Patryk\AppData\Local\unzip.exe => Moved successfully.
C:\Users\Patryk\AppData\Roaming\*.dll => Moved successfully.
C:\Users\Patryk\AppData\Roaming\LiveUpdate.exe => Moved successfully.
C:\Users\Patryk\AppData\Roaming\LiveUpdate.ini => Moved successfully.
C:\Users\Patryk\AppData\Roaming\Microsoft\Office\Niedawny\*.LNK => Moved successfully.
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader PDF Reader.lnk => Moved successfully.
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader Uninstall PDF Reader.lnk => Moved successfully.
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Pakiet JZK => Moved successfully.
C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pakiet JZK => Moved successfully.
C:\Users\Patryk\Documents\Corel\CorelDRAW X5 Samples\target.lnk => Moved successfully.
C:\windows\System32\drivers\Afc.sys => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader Packages" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO Internet Security" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EeeStorageBackup" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LivCam" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v LowerFilters /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v UpperFilters /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 2.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 19:43:44 ====