Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2014 Ran by Golo at 2014-09-29 22:03:11 Run:2 Running from D:\Pulpit Loaded Profile: Golo (Available profiles: Golo & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Task: {283F9B70-6C60-42A5-AE3F-19A03795F846} - System32\Tasks\{349A66C9-B17D-40BA-8F37-1A3ED9E5B306} => E:\!Gry\Aliens vs. Predator 2\AVP2.exe Task: {2A48644D-80A9-4F83-B180-1C21D958436F} - \ShopperProJSUpd No Task File <==== ATTENTION Task: {55589616-DC35-44C2-AAA5-48824EDD2006} - \SPDriver No Task File <==== ATTENTION Task: {75666091-E8E4-47EB-B732-2264455493A2} - System32\Tasks\e-pity2012_kwiecien => E:\!Programy\Narzedzia\e-pity2012\signxml.exe Task: {78B5A55D-8AD0-4C72-9152-84F11B15E8B6} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {7C430DF9-05CA-4E3D-82BE-4178BECC37D3} - \SPBIW_UpdateTask_Time_323732393431303436372d50552d6c455a37575a417834 No Task File <==== ATTENTION Task: {D927135B-587A-4F79-B881-6374C16CB7DD} - System32\Tasks\e-pity2012_styczen => E:\!Programy\Narzedzia\e-pity2012\signxml.exe Task: {DAA0CD36-1512-41A0-8AA0-09A8EBFCD452} - \Installer_iwebar No Task File <==== ATTENTION Task: {EF03F5B6-594A-4887-95C4-FC90524D2B45} - \ShopperPro No Task File <==== ATTENTION Task: {FD849A3A-E333-4927-B599-3F5333600DEA} - System32\Tasks\Installer_sense => C:\Users\Golo\AppData\Local\Installer\Installsense_21726\delay.exe <==== ATTENTION SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {66195FEA-0740-4cea-9278-8EBD7595E588} URL = 
http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms} S2 YouTubeAcceleratorService; C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] R1 A2DDA; E:\!PROGRAMY\SIEć, BEZPIECZEńSTWO\EMSISOFTEMERGENCYKIT\BIN\a2ddax64.sys [26176 2014-09-12] (Emsisoft GmbH) S3 cleanhlp; E:\!Programy\Sieć, Bezpieczeństwo\EmsisoftEmergencyKit\bin\cleanhlp64.sys [57024 2014-09-12] (Emsisoft GmbH) S0 xtoxpl; No ImagePath S3 MSICDSetup; \??\F:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X] S3 vdrive; system32\DRIVERS\vdrive.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" C:\ProgramData\Temp C:\Users\Golo\AppData\Local\Mail.Ru C:\Users\Golo\AppData\Roaming\Temp C:\Windows\CUAppUsage.Dat Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t 
REG_SZ /d "@ieframe.dll,-12512" /f EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{283F9B70-6C60-42A5-AE3F-19A03795F846}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{283F9B70-6C60-42A5-AE3F-19A03795F846}" => Key deleted successfully. C:\Windows\System32\Tasks\{349A66C9-B17D-40BA-8F37-1A3ED9E5B306} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{349A66C9-B17D-40BA-8F37-1A3ED9E5B306}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A48644D-80A9-4F83-B180-1C21D958436F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A48644D-80A9-4F83-B180-1C21D958436F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55589616-DC35-44C2-AAA5-48824EDD2006}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55589616-DC35-44C2-AAA5-48824EDD2006}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75666091-E8E4-47EB-B732-2264455493A2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75666091-E8E4-47EB-B732-2264455493A2}" => Key deleted successfully. C:\Windows\System32\Tasks\e-pity2012_kwiecien => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2012_kwiecien" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78B5A55D-8AD0-4C72-9152-84F11B15E8B6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78B5A55D-8AD0-4C72-9152-84F11B15E8B6}" => Key deleted successfully. C:\Windows\System32\Tasks\Launch HTC Sync Loader => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Launch HTC Sync Loader" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C430DF9-05CA-4E3D-82BE-4178BECC37D3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C430DF9-05CA-4E3D-82BE-4178BECC37D3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323732393431303436372d50552d6c455a37575a417834" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D927135B-587A-4F79-B881-6374C16CB7DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D927135B-587A-4F79-B881-6374C16CB7DD}" => Key deleted successfully. C:\Windows\System32\Tasks\e-pity2012_styczen => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2012_styczen" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAA0CD36-1512-41A0-8AA0-09A8EBFCD452}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAA0CD36-1512-41A0-8AA0-09A8EBFCD452}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF03F5B6-594A-4887-95C4-FC90524D2B45}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF03F5B6-594A-4887-95C4-FC90524D2B45}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD849A3A-E333-4927-B599-3F5333600DEA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD849A3A-E333-4927-B599-3F5333600DEA}" => Key deleted successfully. C:\Windows\System32\Tasks\Installer_sense => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense" => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66195FEA-0740-4cea-9278-8EBD7595E588}" => Key deleted successfully. "HKCR\CLSID\{66195FEA-0740-4cea-9278-8EBD7595E588}" => Key not found. YouTubeAcceleratorService => Service deleted successfully. A2DDA => Service stopped successfully. A2DDA => Service deleted successfully. cleanhlp => Service deleted successfully. xtoxpl => Service deleted successfully. MSICDSetup => Service deleted successfully. NTIOLib_1_0_C => Service deleted successfully. vdrive => Service deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => Key deleted successfully. 
C:\ProgramData\Temp => Moved successfully. C:\Users\Golo\AppData\Local\Mail.Ru => Moved successfully. C:\Users\Golo\AppData\Roaming\Temp => Moved successfully. C:\Windows\CUAppUsage.Dat => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= EmptyTemp: => Removed 401.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====