Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2014 01 Ran by Paul at 2014-01-11 08:58:07 Run:2 Running from H:\WindowsUpdate -rozwiazywanie problemow Boot Mode: Normal ============================================== Content of fixlist: ***************** Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\e81a9dc1 /s S2 e81a9dc1; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) Task: {3121C90B-F3B6-4BCD-8CC7-2F55926AB424} - \Express FilesUpdate No Task File Task: {3E3E5ED1-16B7-48C8-B563-E50FEEF2A18D} - \QtraxPlayer No Task File Task: {46B46C8A-B5D8-4E28-885B-2A6CF75CC60A} - \Omiga Plus RunAsStdUser No Task File Task: {4AF4B57F-CD9F-408A-9E32-F37A86D00184} - \User_Feed_Synchronization-{422D18DC-3E34-43AB-9A69-08611C9A6C7F} No Task File Task: {A0352FE3-A4F1-4E63-97D4-7F463F67EE61} - \Desk 365 RunAsStdUser No Task File Task: {B8686A2F-EFF2-47FF-8AB2-8A5D204D9BD9} - \schedule!3036567561 No Task File BootExecute: C:\Windows\system32\Drivers\etc\hosts.bak C:\Windows\system32\Drivers\etc\hostsOLD C:\ProgramData\SoftWarehouse C:\ProgramData\InstallMate ***************** ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\e81a9dc1 /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e81a9dc1 Type REG_DWORD 0x10 Start REG_DWORD 0x2 ErrorControl REG_DWORD 0x0 ImagePath REG_EXPAND_SZ "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service DisplayName REG_SZ GS-Supporter WOW64 REG_DWORD 0x1 ObjectName REG_SZ LocalSystem ========= End of Reg: ========= e81a9dc1 => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3121C90B-F3B6-4BCD-8CC7-2F55926AB424} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3121C90B-F3B6-4BCD-8CC7-2F55926AB424} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E3E5ED1-16B7-48C8-B563-E50FEEF2A18D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E3E5ED1-16B7-48C8-B563-E50FEEF2A18D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QtraxPlayer => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46B46C8A-B5D8-4E28-885B-2A6CF75CC60A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46B46C8A-B5D8-4E28-885B-2A6CF75CC60A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AF4B57F-CD9F-408A-9E32-F37A86D00184} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF4B57F-CD9F-408A-9E32-F37A86D00184} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{422D18DC-3E34-43AB-9A69-08611C9A6C7F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0352FE3-A4F1-4E63-97D4-7F463F67EE61} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0352FE3-A4F1-4E63-97D4-7F463F67EE61} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8686A2F-EFF2-47FF-8AB2-8A5D204D9BD9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8686A2F-EFF2-47FF-8AB2-8A5D204D9BD9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!3036567561 => Key deleted successfully. C:\Windows\system32\Drivers\etc\hosts.bak => Moved successfully. C:\Windows\system32\Drivers\etc\hostsOLD => Moved successfully. C:\ProgramData\SoftWarehouse => Moved successfully. C:\ProgramData\InstallMate => Moved successfully. ==== End of Fixlog ====