Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015 Ran by Erni at 2015-03-02 15:24:30 Run:1 Running from C:\Users\Erni\Desktop\frst Loaded Profiles: Erni (Available profiles: Erni) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S3 andnetadb; System32\Drivers\lgandnetadb.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X] S3 MSICDSetup; \??\F:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\KarmimyPL\PCAnalyzer.sys [X] Task: {214B756C-5FAE-4AF9-8CBA-77EFA027BC5C} - \Speedial No Task File <==== ATTENTION Task: {393610A9-46B3-4643-ACB2-B7B086FA9F1B} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION Task: {46EB9739-0498-432C-AADC-807FF63D566F} - System32\Tasks\Opera scheduled Autoupdate 1405254120 => C:\Program Files (x86)\Opera\launcher.exe Task: {4DCB1DE4-1B4A-423F-A2EA-B610A0BD6AC2} - System32\Tasks\{07FAF33A-77D6-417F-BC46-524C01E77AE9} => pcalua.exe -a "C:\Users\Erni\Downloads\DirectX 9.29.1974.exe" -d C:\Users\Erni\Downloads Task: {6AB7CB66-FF63-45C7-B61A-FC0FE16A550C} - \RegClean Pro No Task File <==== ATTENTION Task: {7284E983-14B1-4204-A7B6-F9035382F45E} - System32\Tasks\{7DA21BD2-5603-4E28-AD0F-B6CAF30B5C43} => pcalua.exe -a "I:\EGZAMIN ZAWODOWY ETAP PRAKTYCZNY\VirtualBox\VirtualBox-4.3.20-96997-Win.exe" -d "I:\EGZAMIN ZAWODOWY ETAP PRAKTYCZNY\VirtualBox" Task: {8F7677C5-5C56-4CD9-9EC2-DCF80C44E4A3} - System32\Tasks\{8FBC5879-38D2-44E8-AE37-CA136A4160EC} => pcalua.exe -a C:\Users\Erni\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=w3i -simple=1 Task: {9477188D-4782-4AA9-94F9-FE0C31E5B51A} - \RegClean Pro_UPDATES No Task File <==== ATTENTION Task: {C0DB0230-3585-4743-8F23-5C38E922BBA7} - System32\Tasks\KarmimyPL => C:\Program Files (x86)\KarmimyPL\Karmimy.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=21.6.0.32 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-2257826360-190355185-2570135872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=21.6.0.32 SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ff&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0CtC0EyEyC0AzzyB0DtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFyBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0EtBzztByDyE0AtGyDzz0ByCtG0D0C0ByEtGtDzztAtBtGtBtAzzzytBzzyCzz0E0BzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDtByCzy0CyEtAtG0FyC0EyBtG0A0EtD0FtGzzyCzz0DtGtD0ByC0C0E0EyDtC0C0DtByD2Q&cr=125124226&ir= SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st500dm002-1bd142_s2ach0mrxxxxs2ach0mr&ts=1425231291 SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st500dm002-1bd142_s2ach0mrxxxxs2ach0mr&ts=1425231291 SearchScopes: HKU\S-1-5-21-2257826360-190355185-2570135872-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st500dm002-1bd142_s2ach0mrxxxxs2ach0mr&ts=1425231255 SearchScopes: HKU\S-1-5-21-2257826360-190355185-2570135872-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_21_ff&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0CtC0EyEyC0AzzyB0DtN0D0Tzu0SzzyBtDtN1L2XzutBtFtBtDtFtCtAtFyBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0EtBzztByDyE0AtGyDzz0ByCtG0D0C0ByEtGtDzztAtBtGtBtAzzzytBzzyCzz0E0BzyyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDtByCzy0CyEtAtG0FyC0EyBtG0A0EtD0FtGzzyCzz0DtGtD0ByC0C0E0EyDtC0C0DtByD2Q&cr=125124226&ir= SearchScopes: HKU\S-1-5-21-2257826360-190355185-2570135872-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st500dm002-1bd142_s2ach0mrxxxxs2ach0mr&ts=1425231255 Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKU\S-1-5-21-2257826360-190355185-2570135872-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-2257826360-190355185-2570135872-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 CHR HomePage: Default -> hxxp://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki CHR StartupUrls: Default -> "hxxp://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" CHR DefaultSearchKeyword: Default -> YAC Safe Search CHR HKU\S-1-5-21-2257826360-190355185-2570135872-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx C:\Users\Erni\AppData\Local\{051B6519-2CE0-42AE-8C49-4EB1DE7F4F18} C:\Users\Erni\AppData\Local\{919B14D4-D505-45E6-81A6-F22BF16C5CA3} C:\Users\Erni\AppData\Local\70149b02515b3bb20dd492.47983420 C:\Users\Erni\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\Erni\Downloads\SpyHunter-Installer.exe C:\Users\Erni\Downloads\yet_another_cleaner_sk_7196755.exe C:\Windows\system32\Drivers\etc\hosts.bak Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. andnetadb => Service deleted successfully. AndNetDiag => Service deleted successfully. ANDNetModem => Service deleted successfully. andnetndis => Service deleted successfully. MSICDSetup => Service deleted successfully. NTIOLib_1_0_C => Service deleted successfully. WinRing0_1_2_0 => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{214B756C-5FAE-4AF9-8CBA-77EFA027BC5C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{214B756C-5FAE-4AF9-8CBA-77EFA027BC5C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{393610A9-46B3-4643-ACB2-B7B086FA9F1B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{393610A9-46B3-4643-ACB2-B7B086FA9F1B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{46EB9739-0498-432C-AADC-807FF63D566F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46EB9739-0498-432C-AADC-807FF63D566F}" => Key deleted successfully. C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405254120 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1405254120" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DCB1DE4-1B4A-423F-A2EA-B610A0BD6AC2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DCB1DE4-1B4A-423F-A2EA-B610A0BD6AC2}" => Key deleted successfully. C:\Windows\System32\Tasks\{07FAF33A-77D6-417F-BC46-524C01E77AE9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07FAF33A-77D6-417F-BC46-524C01E77AE9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6AB7CB66-FF63-45C7-B61A-FC0FE16A550C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AB7CB66-FF63-45C7-B61A-FC0FE16A550C}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7284E983-14B1-4204-A7B6-F9035382F45E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7284E983-14B1-4204-A7B6-F9035382F45E}" => Key deleted successfully. C:\Windows\System32\Tasks\{7DA21BD2-5603-4E28-AD0F-B6CAF30B5C43} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DA21BD2-5603-4E28-AD0F-B6CAF30B5C43}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F7677C5-5C56-4CD9-9EC2-DCF80C44E4A3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F7677C5-5C56-4CD9-9EC2-DCF80C44E4A3}" => Key deleted successfully. C:\Windows\System32\Tasks\{8FBC5879-38D2-44E8-AE37-CA136A4160EC} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8FBC5879-38D2-44E8-AE37-CA136A4160EC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9477188D-4782-4AA9-94F9-FE0C31E5B51A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9477188D-4782-4AA9-94F9-FE0C31E5B51A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0DB0230-3585-4743-8F23-5C38E922BBA7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0DB0230-3585-4743-8F23-5C38E922BBA7}" => Key deleted successfully. C:\Windows\System32\Tasks\KarmimyPL => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KarmimyPL" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-2257826360-190355185-2570135872-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully. HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => Key not found. HKU\S-1-5-21-2257826360-190355185-2570135872-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2257826360-190355185-2570135872-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => Key deleted successfully. HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => Key not found. "HKU\S-1-5-21-2257826360-190355185-2570135872-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => Key deleted successfully. HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKU\S-1-5-21-2257826360-190355185-2570135872-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value deleted successfully. HKU\S-1-5-21-2257826360-190355185-2570135872-1000\Software\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value deleted successfully. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. "HKU\S-1-5-21-2257826360-190355185-2570135872-1000\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => Key deleted successfully. C:\Users\Erni\AppData\Local\{051B6519-2CE0-42AE-8C49-4EB1DE7F4F18} => Moved successfully. C:\Users\Erni\AppData\Local\{919B14D4-D505-45E6-81A6-F22BF16C5CA3} => Moved successfully. C:\Users\Erni\AppData\Local\70149b02515b3bb20dd492.47983420 => Moved successfully. C:\Users\Erni\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\Erni\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Users\Erni\Downloads\yet_another_cleaner_sk_7196755.exe => Moved successfully. C:\Windows\system32\Drivers\etc\hosts.bak => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 948.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 15:24:40 ====