Fix result of Farbar Recovery Scan Tool (x64) Version:09-07-2015 Ran by Kanon at 2015-07-10 20:24:32 Run:1 Running from C:\Users\Kanon\Desktop Loaded Profiles: Kanon (Available Profiles: Kanon) Boot Mode: Normal ============================================== fixlist content: ***************** Startup: C:\Users\Kanon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-06-30] () Task: {5C54FFA7-6551-4E01-B9BA-5AC9CBC71155} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION Task: {728F3938-5794-46D5-B5ED-A6824FB9D953} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION Task: {B047D52E-1CF4-4368-9EC6-A23671F85EEC} - System32\Tasks\{5D7B4AB3-B79A-4805-AD1B-6AAA7B6A16C8} => pcalua.exe -a F:\eFilmLt.exe -d F:\ Task: {C0E697CE-59A1-4B05-BB14-4E6087519B6E} - System32\Tasks\{17C61C70-09B5-429D-B5CC-1EE488D6D0B0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup C:\Users\Public\Desktop\Gimnazjum klasa 2 - Puls Ziemi.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe\Crossfire Europe.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe\crossfire-eu.com.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe\Uninstall.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...6BAE02A825A1C08 SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...6BAE02A825A1C08 SearchScopes: HKU\S-1-5-21-4258540652-3167376319-1349578961-1002 -> {F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A} URL = CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File C:\windows\Minidump\*.dmp C:\ProgramData\FileSplitUpLoad.dll Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** C:\Users\Kanon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C54FFA7-6551-4E01-B9BA-5AC9CBC71155}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C54FFA7-6551-4E01-B9BA-5AC9CBC71155}" => key removed successfully C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{728F3938-5794-46D5-B5ED-A6824FB9D953}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{728F3938-5794-46D5-B5ED-A6824FB9D953}" => key removed successfully C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B047D52E-1CF4-4368-9EC6-A23671F85EEC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B047D52E-1CF4-4368-9EC6-A23671F85EEC}" => key removed successfully C:\Windows\System32\Tasks\{5D7B4AB3-B79A-4805-AD1B-6AAA7B6A16C8} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D7B4AB3-B79A-4805-AD1B-6AAA7B6A16C8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0E697CE-59A1-4B05-BB14-4E6087519B6E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0E697CE-59A1-4B05-BB14-4E6087519B6E}" => key removed successfully C:\Windows\System32\Tasks\{17C61C70-09B5-429D-B5CC-1EE488D6D0B0} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{17C61C70-09B5-429D-B5CC-1EE488D6D0B0}" => key removed successfully C:\Users\Public\Desktop\Gimnazjum klasa 2 - Puls Ziemi.lnk => moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe\Crossfire Europe.lnk => moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe\crossfire-eu.com.lnk => moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe\Uninstall.lnk => moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk => moved successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => key removed successfully HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => key not found. "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. "HKU\S-1-5-21-4258540652-3167376319-1349578961-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A}" => key removed successfully HKCR\CLSID\{F3699528-160E-4C0D-A1B6-E1E8DDCAEB9A} => key not found. C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found. C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll not found. C:\windows\Minidump\*.dmp => moved successfully. C:\ProgramData\FileSplitUpLoad.dll => moved successfully. ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => 1.6 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 20:27:49 ====