Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Iras (2016-02-19 21:12:17) Run:1
Running from C:\Users\Iras\Downloads
Loaded Profiles: Iras & UpdatusUser (Available Profiles: Iras & UpdatusUser & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Task: {E4D0393E-931B-42A8-B865-C392C66A7FA7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4253EA5A-8409-49D3-BC9C-74E7F36143E6}.exe
Task: {EEE10054-221B-4D2E-BF73-5E5F524841B7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {F45DF754-106D-475C-93E4-BFE3FBB3EBA3} - System32\Tasks\GallopingNumericsV2 => Rundll32.exe MonocytesRemediable.dll,main 7 1 <==== ATTENTION
Task: {FB2C844D-3B34-4B8E-8799-4C7E19422CDD} - System32\Tasks\Price Fountain => C:\Users\Iras\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4253EA5A-8409-49D3-BC9C-74E7F36143E6}.exe <==== ATTENTION
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Iras\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKU\S-1-5-21-77867466-755365321-263658617-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
GroupPolicyUsers\S-1-5-21-77867466-755365321-263658617-1001\User: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443277762&z=7c0281305df4ee38834f85dg6z2zfc3o9mdmemfqao&from=cor&uid=hitachixhts547564a9e384_j2180053hnrswdhnrswdx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443277762&z=7c0281305df4ee38834f85dg6z2zfc3o9mdmemfqao&from=cor&uid=hitachixhts547564a9e384_j2180053hnrswdhnrswdx&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443277762&z=7c0281305df4ee38834f85dg6z2zfc3o9mdmemfqao&from=cor&uid=hitachixhts547564a9e384_j2180053hnrswdhnrswdx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443277762&z=7c0281305df4ee38834f85dg6z2zfc3o9mdmemfqao&from=cor&uid=hitachixhts547564a9e384_j2180053hnrswdhnrswdx&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-77867466-755365321-263658617-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR HKU\S-1-5-21-77867466-755365321-263658617-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Iras\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Iras\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
DisableService: Internet Manager. RunOuc
DisableService: PLAY ONLINE. RunOuc
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ServiceLayer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadu-Gadu 10
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
RemoveDirectory: C:\Program Files (x86)\Lenovo
RemoveDirectory: C:\Program Files (x86)\Mozilla Firefox
RemoveDirectory: C:\Program Files (x86)\RayDld
RemoveDirectory: C:\Users\Iras\AppData\Local\GallopingNumerics
RemoveDirectory: C:\Users\Iras\AppData\Local\Lenovo
RemoveDirectory: C:\Users\Iras\AppData\Local\Mozilla
RemoveDirectory: C:\Users\Iras\AppData\Roaming\Mozilla
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\*.lnk
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Guest\Desktop\Budzik.lnk
C:\Users\Iras\AppData\Roaming\Microsoft\Office\Niedawny\zadanie BO.LNK
C:\Users\Iras\Desktop\Iraas\AVG 2014.lnk
C:\Users\Iras\Desktop\Iraas\Google Earth.lnk
C:\Users\Iras\Desktop\Iraas\katalog\Nowy folder (2)\Ireneusz Czernik- Cegła\Nowy folder (2)\Google Chrome.lnk
C:\Users\Iras\Desktop\Iraas\katalog\Nowy folder (2)\Skype.lnk
C:\Users\Iras\Downloads\sh-remover.exe
C:\Users\UpdatusUser\Desktop\*.lnk
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4D0393E-931B-42A8-B865-C392C66A7FA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D0393E-931B-42A8-B865-C392C66A7FA7}" => key removed successfully
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEE10054-221B-4D2E-BF73-5E5F524841B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE10054-221B-4D2E-BF73-5E5F524841B7}" => key removed successfully
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F45DF754-106D-475C-93E4-BFE3FBB3EBA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F45DF754-106D-475C-93E4-BFE3FBB3EBA3}" => key removed successfully
C:\Windows\System32\Tasks\GallopingNumericsV2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GallopingNumericsV2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB2C844D-3B34-4B8E-8799-4C7E19422CDD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB2C844D-3B34-4B8E-8799-4C7E19422CDD}" => key removed successfully
C:\Windows\System32\Tasks\Price Fountain => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Fountain" => key removed successfully
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\Windows\Tasks\Price Fountain.job => moved successfully
HKU\S-1-5-21-77867466-755365321-263658617-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => value removed successfully
AthBTPort => service removed successfully
BTATH_A2DP => service removed successfully
BTATH_BUS => service removed successfully
BTATH_HCRP => service removed successfully
BTATH_LWFLT => service removed successfully
BTATH_RCP => service removed successfully
BtFilter => service removed successfully
klkbdflt2 => service not found.
pccsmcfd => service removed successfully
VGPU => service removed successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-77867466-755365321-263658617-1001\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-77867466-755365321-263658617-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKU\S-1-5-21-77867466-755365321-263658617-1000\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => key removed successfully
Internet Manager. RunOuc => service was disabled
PLAY ONLINE. RunOuc => service was disabled
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => key removed successfully
HKCU\Software\dobreprogramy => key removed successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => key removed successfully
HKCU\Software\Mozilla => key not found.
HKCU\Software\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Mozilla => key not found.
HKLM\SOFTWARE\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ServiceLayer => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadu-Gadu 10 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Mozilla => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Mozilla => key removed successfully
HKLM\SOFTWARE\Wow6432Node\mozilla.org => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\mozilla.org => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully
"C:\Program Files (x86)\Lenovo" => not found.
"C:\Program Files (x86)\Mozilla Firefox" => removed successfully.
"C:\Program Files (x86)\RayDld" => removed successfully.
"C:\Users\Iras\AppData\Local\GallopingNumerics" => removed successfully.
"C:\Users\Iras\AppData\Local\Lenovo" => removed successfully.
"C:\Users\Iras\AppData\Local\Mozilla" => removed successfully.
"C:\Users\Iras\AppData\Roaming\Mozilla" => removed successfully.

=========== "C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\*.lnk" ==========

C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\BlackBerry 9790.lnk => moved successfully
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\Iras (1).lnk => moved successfully
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\Iras HTC.lnk => moved successfully
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\Iras.lnk => moved successfully
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\MBS-100.lnk => moved successfully
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\Nokia 3720c ada.lnk => moved successfully
C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\SYLWIA.lnk => moved successfully

========= End -> "C:\ProgramData\Atheros\Device link\74-2f-68-b5-67-1d\*.lnk" ========

C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => moved successfully
C:\Users\Guest\Desktop\Budzik.lnk => moved successfully
C:\Users\Iras\AppData\Roaming\Microsoft\Office\Niedawny\zadanie BO.LNK => moved successfully
C:\Users\Iras\Desktop\Iraas\AVG 2014.lnk => moved successfully
C:\Users\Iras\Desktop\Iraas\Google Earth.lnk => moved successfully
C:\Users\Iras\Desktop\Iraas\katalog\Nowy folder (2)\Ireneusz Czernik- Cegła\Nowy folder (2)\Google Chrome.lnk => moved successfully
C:\Users\Iras\Desktop\Iraas\katalog\Nowy folder (2)\Skype.lnk => moved successfully
C:\Users\Iras\Downloads\sh-remover.exe => moved successfully

=========== "C:\Users\UpdatusUser\Desktop\*.lnk" ==========

C:\Users\UpdatusUser\Desktop\3G HSUPA Modem.lnk => moved successfully
C:\Users\UpdatusUser\Desktop\Budzik.lnk => moved successfully

========= End -> "C:\Users\UpdatusUser\Desktop\*.lnk" ========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

EmptyTemp: => 700.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 21:14:45 ====