Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Lukasz_2 at 2014-09-22 20:26:39 Run:1
Running from I:\fix
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe
HKU\S-1-5-21-3226649207-2173951153-2690345056-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-3226649207-2173951153-2690345056-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
Task: {376A8ED6-3020-4F88-98FE-B2EB378885B4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{F8AF48B9-6092-43F2-9EC6-1EEEAB8CDD8F}.exe
Task: {D5F99704-21A0-4E42-888C-C16DB51AA2FF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{CC77281B-424D-4E68-B7AA-5409745C1BA5}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{CC77281B-424D-4E68-B7AA-5409745C1BA5}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F8AF48B9-6092-43F2-9EC6-1EEEAB8CDD8F}.exe
GroupPolicyUsers\S-1-5-21-3226649207-2173951153-2690345056-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3226649207-2173951153-2690345056-1001\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3226649207-2173951153-2690345056-1000\User: Group Policy restriction detected <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Program Files (x86)\mozilla firefox\plugins
C:\ProgramData\Avg_Update_0814tb
C:\ProgramData\InstallMate
C:\Users\Lukasz\AppData\Roaming\Gyazo
C:\Users\Lukasz\Downloads\Setup.exe
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /f
Reg: reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" /f
Reg: reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" /f
Reg: reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C19E4BF8-5BED-4410-98C7-6571A000149A}" /f
Reg: reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: sc config "Cyfrowy Polsat E3276. RunOuc" start= demand
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Gyazo => value deleted successfully.
HKU\S-1-5-21-3226649207-2173951153-2690345056-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_TB => Value not found.
HKU\S-1-5-21-3226649207-2173951153-2690345056-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_JUNE2013_HP => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{376A8ED6-3020-4F88-98FE-B2EB378885B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{376A8ED6-3020-4F88-98FE-B2EB378885B4}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5F99704-21A0-4E42-888C-C16DB51AA2FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5F99704-21A0-4E42-888C-C16DB51AA2FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3226649207-2173951153-2690345056-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3226649207-2173951153-2690345056-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3226649207-2173951153-2690345056-1000\User => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
xhunter1 => Service deleted successfully.
C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully.
C:\ProgramData\Avg_Update_0814tb => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.
C:\Users\Lukasz\AppData\Roaming\Gyazo => Moved successfully.
C:\Users\Lukasz\Downloads\Setup.exe => Moved successfully.

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C19E4BF8-5BED-4410-98C7-6571A000149A}" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3226649207-2173951153-2690345056-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
The operation completed successfully.
========= End of Reg: =========

========= sc config "Cyfrowy Polsat E3276. RunOuc" start= demand =========
[SC] ChangeServiceConfig SUCCESS
========= End of CMD: =========

EmptyTemp: => Removed 27.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====