Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01 Ran by toshiba at 2015-03-06 00:41:39 Run:1 Running from C:\Users\toshiba\Desktop Loaded Profiles: toshiba (Available profiles: toshiba & Gość) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {28D771DF-6B36-4839-9F98-04A23CF99F61} - System32\Tasks\{3FE46AD6-082F-4572-80E0-4A7E4D19687F} => pcalua.exe -a C:\Users\toshiba\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe -c /uninstall Task: {330D66F3-936D-48B8-9867-99EC313E7C44} - System32\Tasks\{BC9BEEE6-AF0C-49A1-AA31-0F90AE61753F} => pcalua.exe -a F:\autorun.exe -d F:\ Task: {4BD7D116-00A4-4DCD-9C54-4EFC7FEA68CF} - System32\Tasks\{DB01F20B-E555-4F79-8365-5E50E1142908} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe" -c -runfromtemp -l0x0409 Task: {7844019F-79E5-43D5-A771-410065F2B71F} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{684A7197-5460-42A7-AE8F-7B01259CB62E}.exeFacebookUpdate.exe [2014-01-29] (Facebook Inc.) Task: {B524F9AF-C696-4E2C-AB29-D9E47B34E743} - System32\Tasks\{9808A9DA-FBE8-4808-A624-E73C509FA2D9} => pcalua.exe -a "C:\Users\toshiba\Desktop\Star Wars\Patch\SWKotOR1_03.exe" -d "C:\Users\toshiba\Desktop\Star Wars\Patch" Task: {C7AD5925-5888-4702-8C9E-7E48AA8AB53A} - System32\Tasks\{DCC92792-038F-4DE9-B1F3-29D997389E87} => pcalua.exe -a C:\Users\toshiba\Downloads\GameRangerSetup.exe -d C:\Users\toshiba\Downloads Task: {D630D5C7-1260-4C3A-8594-5636820B836B} - System32\Tasks\{36176734-9DAB-48CC-A132-7C5EC8FE2D6C} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar Task: {D7F436C4-7EB9-4ACC-94AC-039E820BB26D} - System32\Tasks\{8E8C7734-E8AE-4CC6-8650-500BB5884BAC} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -c -runfromtemp -l0x0015 -removeonly Task: {DB72DEEF-9B2D-4C83-9DFB-9C074FDE0A87} - System32\Tasks\{CAD1DA82-0183-483F-BA33-9F8BD8276CF1} => pcalua.exe -a "D:\Half-life 2\Uninstal.exe" Task: {EDCF4946-66CE-4AC1-AD07-C306397AC1E2} - System32\Tasks\{8C4EC318-9327-4C70-A604-B0CE343BEEF9} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/63710 Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{684A7197-5460-42A7-AE8F-7B01259CB62E}.exe <==== ATTENTION SearchScopes: HKLM-x32 -> {2D0E38F0-F23F-46B4-A210-2017517BD604} URL = http://startsear.ch/?aff=2&src=sp&cf=a1ee511e-109f-11e2-a882-e89a8f88a207&q={searchTerms} SearchScopes: HKU\S-1-5-21-2097945086-3251815156-1131960430-1000 -> DefaultScope {12FDD30F-A064-4728-9F04-05CEB76D9437} URL = SearchScopes: HKU\S-1-5-21-2097945086-3251815156-1131960430-1000 -> {12FDD30F-A064-4728-9F04-05CEB76D9437} URL = SearchScopes: HKU\S-1-5-21-2097945086-3251815156-1131960430-1000 -> {2D0E38F0-F23F-46B4-A210-2017517BD604} URL = http://startsear.ch/?aff=2&src=sp&cf=a1ee511e-109f-11e2-a882-e89a8f88a207&q={searchTerms} SearchScopes: HKU\S-1-5-21-2097945086-3251815156-1131960430-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FDCF3197-A20D-4FFF-A27D-1E0E6EBFED2C}&mid=773c128781014667bf7b0dcc5728d928-8d264eee1c6075b7c76ab539c471f296508062e7&lang=pl&ds=ik011&pr=&d=2012-09-25 18:15:51&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [Not Found] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF user.js: detected! => C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\vvdaavdv.default\user.js C:\Program Files (x86)\GUT49AC.tmp C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml C:\Program Files (x86)\Mozilla Firefox\plugins C:\ProgramData\TEMP C:\Users\toshiba\Downloads\Niepotwierdzony*.crdownload F:\OLIFKA (4GB).lnk F:\desktop.ini F:\autorun.inf F:\Thumbs.db CMD: attrib /d /s -r -s -h F:\* Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28D771DF-6B36-4839-9F98-04A23CF99F61}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28D771DF-6B36-4839-9F98-04A23CF99F61}" => Key deleted successfully. C:\Windows\System32\Tasks\{3FE46AD6-082F-4572-80E0-4A7E4D19687F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FE46AD6-082F-4572-80E0-4A7E4D19687F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330D66F3-936D-48B8-9867-99EC313E7C44}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330D66F3-936D-48B8-9867-99EC313E7C44}" => Key deleted successfully. C:\Windows\System32\Tasks\{BC9BEEE6-AF0C-49A1-AA31-0F90AE61753F} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC9BEEE6-AF0C-49A1-AA31-0F90AE61753F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BD7D116-00A4-4DCD-9C54-4EFC7FEA68CF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BD7D116-00A4-4DCD-9C54-4EFC7FEA68CF}" => Key deleted successfully. C:\Windows\System32\Tasks\{DB01F20B-E555-4F79-8365-5E50E1142908} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB01F20B-E555-4F79-8365-5E50E1142908}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7844019F-79E5-43D5-A771-410065F2B71F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7844019F-79E5-43D5-A771-410065F2B71F}" => Key deleted successfully. C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B524F9AF-C696-4E2C-AB29-D9E47B34E743}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B524F9AF-C696-4E2C-AB29-D9E47B34E743}" => Key deleted successfully. C:\Windows\System32\Tasks\{9808A9DA-FBE8-4808-A624-E73C509FA2D9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9808A9DA-FBE8-4808-A624-E73C509FA2D9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7AD5925-5888-4702-8C9E-7E48AA8AB53A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7AD5925-5888-4702-8C9E-7E48AA8AB53A}" => Key deleted successfully. C:\Windows\System32\Tasks\{DCC92792-038F-4DE9-B1F3-29D997389E87} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DCC92792-038F-4DE9-B1F3-29D997389E87}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D630D5C7-1260-4C3A-8594-5636820B836B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D630D5C7-1260-4C3A-8594-5636820B836B}" => Key deleted successfully. C:\Windows\System32\Tasks\{36176734-9DAB-48CC-A132-7C5EC8FE2D6C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36176734-9DAB-48CC-A132-7C5EC8FE2D6C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7F436C4-7EB9-4ACC-94AC-039E820BB26D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7F436C4-7EB9-4ACC-94AC-039E820BB26D}" => Key deleted successfully. C:\Windows\System32\Tasks\{8E8C7734-E8AE-4CC6-8650-500BB5884BAC} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E8C7734-E8AE-4CC6-8650-500BB5884BAC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB72DEEF-9B2D-4C83-9DFB-9C074FDE0A87}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB72DEEF-9B2D-4C83-9DFB-9C074FDE0A87}" => Key deleted successfully. C:\Windows\System32\Tasks\{CAD1DA82-0183-483F-BA33-9F8BD8276CF1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CAD1DA82-0183-483F-BA33-9F8BD8276CF1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDCF4946-66CE-4AC1-AD07-C306397AC1E2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDCF4946-66CE-4AC1-AD07-C306397AC1E2}" => Key deleted successfully. C:\Windows\System32\Tasks\{8C4EC318-9327-4C70-A604-B0CE343BEEF9} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C4EC318-9327-4C70-A604-B0CE343BEEF9}" => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2D0E38F0-F23F-46B4-A210-2017517BD604}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{2D0E38F0-F23F-46B4-A210-2017517BD604} => Key not found. HKU\S-1-5-21-2097945086-3251815156-1131960430-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2097945086-3251815156-1131960430-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12FDD30F-A064-4728-9F04-05CEB76D9437}" => Key deleted successfully. HKCR\CLSID\{12FDD30F-A064-4728-9F04-05CEB76D9437} => Key not found. "HKU\S-1-5-21-2097945086-3251815156-1131960430-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D0E38F0-F23F-46B4-A210-2017517BD604}" => Key deleted successfully. HKCR\CLSID\{2D0E38F0-F23F-46B4-A210-2017517BD604} => Key not found. "HKU\S-1-5-21-2097945086-3251815156-1131960430-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully. C:\Users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\vvdaavdv.default\user.js => Moved successfully. C:\Program Files (x86)\GUT49AC.tmp => Moved successfully. C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\ProgramData\TEMP => Moved successfully. "C:\Users\toshiba\Downloads\Niepotwierdzony*.crdownload" => File/Directory not found. F:\OLIFKA (4GB).lnk => Moved successfully. F:\desktop.ini => Moved successfully. F:\autorun.inf => Moved successfully. F:\Thumbs.db => Moved successfully. ========= attrib /d /s -r -s -h F:\* ========= ========= End of CMD: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.8 GB temporary data. The system needed a reboot. ==== End of Fixlog 00:45:24 ====