Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Karina B at 2015-03-22 19:32:28 Run:1
Running from C:\Users\Karina B\Downloads
Loaded Profiles: Karina B (Available profiles: Karina B)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (the data entry has 65 more characters).
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EPL&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EPL&apn_dbr=ie_9.0.8112.16476&apn_uid=F292F13A-4B46-426D-9DBD-5211A1E4C9C7&itbv=12.18.0.82&doi=2014-10-20&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2746509231-2792367075-765808972-1000 -> DefaultScope {064A3D97-069C-4A0E-B05E-5628AE78BDD1} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^PL&gct=&itbv=12.18.0.82&apn_uid=F292F13A-4B46-426D-9DBD-5211A1E4C9C7&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^PL&apn_dbr=ie_9.0.8112.16476&doi=2014-10-20&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2746509231-2792367075-765808972-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2746509231-2792367075-765808972-1000 -> {064A3D97-069C-4A0E-B05E-5628AE78BDD1} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^PL&gct=&itbv=12.18.0.82&apn_uid=F292F13A-4B46-426D-9DBD-5211A1E4C9C7&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^PL&apn_dbr=ie_9.0.8112.16476&doi=2014-10-20&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2746509231-2792367075-765808972-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2746509231-2792367075-765808972-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-2746509231-2792367075-765808972-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
CHR HomePage: Default -> hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=4C221A4BD69141B5&affID=128166&tsp=5102
CHR HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KARINA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
Task: {47C350A7-53BB-4A1D-92BB-4126B8407F23} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {8BA13079-0336-403A-B9BA-D8282C2FBE8C} - \EPUpdater No Task File <==== ATTENTION
Task: {9ADD155F-1E7A-4BE2-9CFF-562B6F3ACDE3} - System32\Tasks\{8CD561A1-9183-4492-AD1B-D9ADEED5897A} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
Task: {CE506F2E-D591-4AE6-ADF6-E81A250281A7} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ESTsoft\ALSong\ALSong.exe
Task: {D0B30CA6-2917-4EE6-9EB0-753B21F7E956} - System32\Tasks\{5DA8167C-8EEF-4713-9064-C2D67B1B930E} => C:\Program Files (x86)\Gadu-Gadu 10\gg.exe
Task: {D952F583-A987-4053-A4F5-644054DD8E49} - System32\Tasks\{9A9B58A7-CCBE-47E9-B12B-B6D9BC900422} => C:\Program Files (x86)\VSO\VSO Downloader\4\VsoDownloader.exe
C:\ProgramData\{*}.log
C:\ProgramData\F-Secure
C:\ProgramData\Temp
C:\Users\Karina B\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Karina B\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
CMD: C:\Windows\SysWOW64\regsvr32.exe /u /s "C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll"
CMD: sc config "Internet Manager. RunOuc" start= disabled
CMD: sc config WinDefend start= demand
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value deleted successfully.
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{064A3D97-069C-4A0E-B05E-5628AE78BDD1}" => Key deleted successfully.
HKCR\CLSID\{064A3D97-069C-4A0E-B05E-5628AE78BDD1} => Key not found.
"HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
"HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKU\S-1-5-21-2746509231-2792367075-765808972-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
Chrome HomePage deleted successfully.
"HKU\S-1-5-21-2746509231-2792367075-765808972-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
McComponentHostService => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47C350A7-53BB-4A1D-92BB-4126B8407F23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C350A7-53BB-4A1D-92BB-4126B8407F23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BA13079-0336-403A-B9BA-D8282C2FBE8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BA13079-0336-403A-B9BA-D8282C2FBE8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ADD155F-1E7A-4BE2-9CFF-562B6F3ACDE3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ADD155F-1E7A-4BE2-9CFF-562B6F3ACDE3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8CD561A1-9183-4492-AD1B-D9ADEED5897A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8CD561A1-9183-4492-AD1B-D9ADEED5897A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE506F2E-D591-4AE6-ADF6-E81A250281A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE506F2E-D591-4AE6-ADF6-E81A250281A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0B30CA6-2917-4EE6-9EB0-753B21F7E956}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0B30CA6-2917-4EE6-9EB0-753B21F7E956}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5DA8167C-8EEF-4713-9064-C2D67B1B930E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DA8167C-8EEF-4713-9064-C2D67B1B930E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D952F583-A987-4053-A4F5-644054DD8E49}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D952F583-A987-4053-A4F5-644054DD8E49}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9A9B58A7-CCBE-47E9-B12B-B6D9BC900422} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A9B58A7-CCBE-47E9-B12B-B6D9BC900422}" => Key deleted successfully.
C:\ProgramData\{*}.log => Moved successfully.
C:\ProgramData\F-Secure => Moved successfully.
C:\ProgramData\Temp => Moved successfully.
C:\Users\Karina B\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
C:\Users\Karina B\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= C:\Windows\SysWOW64\regsvr32.exe /u /s "C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll" =========
========= End of CMD: =========

========= sc config "Internet Manager. RunOuc" start= disabled =========
[SC] ChangeServiceConfig SUKCES
========= End of CMD: =========

========= sc config WinDefend start= demand =========
[SC] ChangeServiceConfig SUKCES
========= End of CMD: =========

EmptyTemp: => Removed 558.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:37:27 ====