Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04 Ran by Dom at 2015-04-17 12:40:45 Run:2 Running from C:\Documents and Settings\Dom\Moje dokumenty\Downloads\naprawa Loaded Profiles: Dom (Available profiles: Dom) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki HKU\S-1-5-21-1547161642-1004336348-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" <======= ATTENTION SearchScopes: HKU\S-1-5-21-1547161642-1004336348-682003330-1003 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms} BHO: Between Lines 1.0.0.7 -> {ed66005b-3c60-469c-a11b-211b53e83d9e} -> C:\Program Files\Between Lines\BetweenLinesbho.dll [2015-03-22] (Between Lines) Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed] S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 ALSysIO; \??\C:\DOCUME~1\Dom\USTAWI~1\Temp\ALSysIO.sys [X] S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X] S4 sptd; System32\Drivers\sptd.sys [X] C:\Documents and Settings\All Users\Dane aplikacji\Mozilla C:\Documents and Settings\All Users\Dane aplikacji\TEMP C:\Documents and Settings\Dom\Dane aplikacji\Mozilla C:\Documents and Settings\Dom\Dane aplikacji\WorldofTanks C:\Documents and Settings\Dom\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk C:\Documents and Settings\Dom\Pulpit\DAEMON Tools Lite.lnk C:\Documents and Settings\Dom\Pulpit\Kontynuuj instalację Core Temp 1.0 RC6.lnk C:\Documents and Settings\Dom\Pulpit\SUPERANTISPYWARE.lnk C:\Documents and Settings\Dom\Pulpit\Programy\Mozilla Firefox.lnk C:\Documents and Settings\Dom\Pulpit\Programy\SUPERAntiSpyware Free Edition.lnk C:\Documents and Settings\Dom\Pulpit\Gry\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\WorldofTanks C:\Program Files\Between Lines C:\Program Files\Mozilla Firefox C:\Program Files\SUPERAntiSpyware C:\WINDOWS\system32\Drivers\ASPI32.sys C:\WINDOWS\System32\Drivers\hamachi.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1547161642-1004336348-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully. HKU\S-1-5-21-1547161642-1004336348-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{szukaj.gazeta.pl} => Key not found. HKCR\CLSID\{szukaj.gazeta.pl} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed66005b-3c60-469c-a11b-211b53e83d9e} => Key not found. "HKCR\CLSID\{ed66005b-3c60-469c-a11b-211b53e83d9e}" => Key deleted successfully. C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => Moved successfully. ASPI32 => Service stopped successfully. ASPI32 => Service deleted successfully. hamachi => Service deleted successfully. ALSysIO => Service not found. EagleXNt => Service deleted successfully. sptd => Service deleted successfully. C:\Documents and Settings\All Users\Dane aplikacji\Mozilla => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully. C:\Documents and Settings\Dom\Dane aplikacji\Mozilla => Moved successfully. C:\Documents and Settings\Dom\Dane aplikacji\WorldofTanks => Moved successfully. C:\Documents and Settings\Dom\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk => Moved successfully. C:\Documents and Settings\Dom\Pulpit\DAEMON Tools Lite.lnk => Moved successfully. C:\Documents and Settings\Dom\Pulpit\Kontynuuj instalację Core Temp 1.0 RC6.lnk => Moved successfully. C:\Documents and Settings\Dom\Pulpit\SUPERANTISPYWARE.lnk => Moved successfully. C:\Documents and Settings\Dom\Pulpit\Programy\Mozilla Firefox.lnk => Moved successfully. C:\Documents and Settings\Dom\Pulpit\Programy\SUPERAntiSpyware Free Edition.lnk => Moved successfully. C:\Documents and Settings\Dom\Pulpit\Gry\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk => Moved successfully. C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\WorldofTanks => Moved successfully. C:\Program Files\Between Lines => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\Program Files\SUPERAntiSpyware => Moved successfully. C:\WINDOWS\system32\Drivers\ASPI32.sys => Moved successfully. C:\WINDOWS\System32\Drivers\hamachi.sys => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 6 GB temporary data. The system needed a reboot. ==== End of Fixlog 12:43:31 ====