Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015 Ran by Witold at 2015-05-26 10:23:34 Run:4 Running from C:\Users\Witold\Desktop\cleanery\FRST Loaded Profiles: Witold (Available Profiles: Witold & .NET v4.5 & .NET v4.5 Classic) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION! HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4263293795-372819126-2868305949-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41371262.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41371262.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasementDuster => ""="service" CustomCLSID: HKU\S-1-5-21-4263293795-372819126-2868305949-1001_Classes\CLSID\{6BD7997B-1A81-3AAB-94B8-FFAC3FC7A9B4}\InprocServer32 -> No File path Task: {EBADDD0A-C6DC-4663-8AC5-D0E741DE483B} - System32\Tasks\{10CA96F0-5693-4304-8C6B-A1DC2E7BDFCB} => Iexplore.exe http://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2015-01-06] (Splashtop Inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-25] () C:\Windows\System32\drivers\sthid.sys C:\Windows\System32\drivers\TrueSight.sys DisableService: Mobile Partner. RunOuc CMD: netsh advfirewall reset Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => key not found. "HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => key Removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully "HKU\S-1-5-21-4263293795-372819126-2868305949-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\41371262.sys" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\41371262.sys" => key Removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BasementDuster" => key Removed successfully "HKU\S-1-5-21-4263293795-372819126-2868305949-1001_Classes\CLSID\{6BD7997B-1A81-3AAB-94B8-FFAC3FC7A9B4}" => key Removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBADDD0A-C6DC-4663-8AC5-D0E741DE483B}" => key Removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBADDD0A-C6DC-4663-8AC5-D0E741DE483B}" => key Removed successfully C:\Windows\System32\Tasks\{10CA96F0-5693-4304-8C6B-A1DC2E7BDFCB} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{10CA96F0-5693-4304-8C6B-A1DC2E7BDFCB}" => key Removed successfully sthid => Service Removed successfully TrueSight => Service Removed successfully C:\Windows\System32\drivers\sthid.sys => Moved successfully. C:\Windows\System32\drivers\TrueSight.sys => Moved successfully. Mobile Partner. RunOuc service was disabled ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 145.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 10:24:01 ====