Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015 Ran by ww (2015-08-17 21:27:40) Run:1 Running from C:\Users\ww\Desktop\Nowy folder Loaded Profiles: ww & postgres (Available Profiles: ww & postgres) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {140C76B2-27DE-484D-8663-4696B84774DF} - System32\Tasks\{7302D5D2-5A6D-4626-8DB9-D4E6DA020BD5} => pcalua.exe -a C:\Users\ww\audio\Audigy_SupportPack_4_5\setup.exe -d C:\Users\ww\audio\Audigy_SupportPack_4_5 Task: {9A204345-B267-4DC3-87B8-357A3CAE8238} - System32\Tasks\{052E3066-A1D6-409D-9936-4E773E3821C3} => pcalua.exe -a C:\Users\ww\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f AlternateDataStreams: C:\Windows:s8vj4g0sk4d1 AlternateDataStreams: C:\Users\ww\Dane aplikacji:lv93ja32540f AlternateDataStreams: C:\Users\ww\AppData\Roaming:lv93ja32540f C:\ProgramData\flwjycbm.bab C:\ProgramData\SWinManProS C:\Users\ww\AppData\Roaming\istartsurf S1 atitray; \??\C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] R2 WindowsMangerProtect; C:\ProgramData\SWinManProS\ProtectWindowsManager.exe [708264 2015-08-16] (DTools LIMITED) <==== ATTENTION S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X] HKU\S-1-5-21-1394974778-1380221434-1069446208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH HKU\S-1-5-21-1394974778-1380221434-1069446208-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH&q={searchTerms} SearchScopes: HKU\S-1-5-21-1394974778-1380221434-1069446208-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH&q={searchTerms} SearchScopes: HKU\S-1-5-21-1394974778-1380221434-1069446208-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1439751121&z=b2daa060b435af10c13595dgdz6c6t1mbwag7e5ofm&from=cor&uid=ST3500418AS_9VM651YHXXXX9VM651YH GroupPolicyScripts: Group Policy detected <======= ATTENTION EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{140C76B2-27DE-484D-8663-4696B84774DF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{140C76B2-27DE-484D-8663-4696B84774DF}" => key removed successfully C:\Windows\System32\Tasks\{7302D5D2-5A6D-4626-8DB9-D4E6DA020BD5} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7302D5D2-5A6D-4626-8DB9-D4E6DA020BD5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A204345-B267-4DC3-87B8-357A3CAE8238}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A204345-B267-4DC3-87B8-357A3CAE8238}" => key removed successfully C:\Windows\System32\Tasks\{052E3066-A1D6-409D-9936-4E773E3821C3} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{052E3066-A1D6-409D-9936-4E773E3821C3}" => key removed successfully ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= C:\Windows => ":s8vj4g0sk4d1" ADS removed successfully. "C:\Users\ww\Dane aplikacji" => ":lv93ja32540f" ADS not found. C:\Users\ww\AppData\Roaming => ":lv93ja32540f" ADS removed successfully. C:\ProgramData\flwjycbm.bab => moved successfully. "C:\ProgramData\SWinManProS" => File/Folder not found. "C:\Users\ww\AppData\Roaming\istartsurf" => File/Folder not found. atitray => service removed successfully VGPU => service removed successfully WindowsMangerProtect => service not found. Net Driver HPZ12 => service removed successfully Pml Driver HPZ12 => service removed successfully HKU\S-1-5-21-1394974778-1380221434-1069446208-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-1394974778-1380221434-1069446208-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKU\S-1-5-21-1394974778-1380221434-1069446208-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-21-1394974778-1380221434-1069446208-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully C:\Windows\system32\GroupPolicy\Machine => moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully. EmptyTemp: => 524 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 21:28:08 ====