Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-11-2014 Ran by Bednarr at 2014-11-02 12:45:48 Run:1 Running from C:\Documents and Settings\Bednarr\Pulpit\Nowy folder (2) Loaded Profile: Bednarr (Available profiles: Bednarr & Gość) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 nethfdrv; C:\WINDOWS\system32\drivers\nethfdrv.sys [49152 2014-10-20] () [File not signed] R2 NetHttpService; C:\WINDOWS\system32\nethtsrv.exe [180224 2014-10-20] () [File not signed] R2 ServiceUpdater; C:\WINDOWS\system32\netupdsrv.exe [162304 2014-10-20] () [File not signed] S3 ATP; system32\DRIVERS\cmdatp.sys [X] S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X] Winlogon\Notify\WgaLogon: WgaLogon.dll [X] Task: C:\WINDOWS\Tasks\WinThruster_DEFAULT.job => C:\Program Files\WinThruster\WinThruster.exe Task: C:\WINDOWS\Tasks\WinThruster_UPDATES.job => C:\Program Files\WinThruster\WinThruster.exe M:\AUTORUN.FCB C:\awh*.tmp C:\Documents and Settings\All Users\Dane aplikacji\YTD Video Downloader C:\Documents and Settings\All Users\Menu Start\Programy\YTD Video Downloader C:\Documents and Settings\Bednarr\Dane aplikacji\3943 C:\Documents and Settings\Bednarr\Dane aplikacji\Solvusoft C:\WINDOWS\pss\fabulous_09271114.lnkStartup C:\WINDOWS\system32\hfnapi.dll C:\WINDOWS\system32\hfpapi.dll C:\WINDOWS\system32\installd.exe C:\WINDOWS\system32\nethtsrv.exe C:\WINDOWS\system32\netupdsrv.exe C:\WINDOWS\system32\Drivers\nethfdrv.sys Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Bednarr^Menu Start^Programy^Autostart^fabulous_09271114.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fabulous_09271114" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinThrusterReminder" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. nethfdrv => Unable to stop service nethfdrv => Service deleted successfully. NetHttpService => Service deleted successfully. ServiceUpdater => Service deleted successfully. ATP => Service deleted successfully. gdrv => Service deleted successfully. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon" => Key deleted successfully. C:\WINDOWS\Tasks\WinThruster_DEFAULT.job => Moved successfully. C:\WINDOWS\Tasks\WinThruster_UPDATES.job => Moved successfully. M:\AUTORUN.FCB => Moved successfully. C:\awh*.tmp => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\YTD Video Downloader => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\YTD Video Downloader => Moved successfully. C:\Documents and Settings\Bednarr\Dane aplikacji\3943 => Moved successfully. C:\Documents and Settings\Bednarr\Dane aplikacji\Solvusoft => Moved successfully. C:\WINDOWS\pss\fabulous_09271114.lnkStartup => Moved successfully. C:\WINDOWS\system32\hfnapi.dll => Moved successfully. C:\WINDOWS\system32\hfpapi.dll => Moved successfully. C:\WINDOWS\system32\installd.exe => Moved successfully. C:\WINDOWS\system32\nethtsrv.exe => Moved successfully. C:\WINDOWS\system32\netupdsrv.exe => Moved successfully. C:\WINDOWS\system32\Drivers\nethfdrv.sys => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Bednarr^Menu Start^Programy^Autostart^fabulous_09271114.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fabulous_09271114" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinThrusterReminder" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 2.2 GB temporary data. The system needed a reboot. ==== End of Fixlog ====