Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014
Ran by Patrycjusz at 2014-11-13 22:36:59 Run:1
Running from C:\Users\Patrycjusz\Desktop\New folder (2)
Loaded Profile: Patrycjusz (Available profiles: Patrycjusz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Task: {498D567F-5D8C-4E5E-95E6-49A717284792} - System32\Tasks\SGK => C:\Users\Patrycjusz\AppData\Roaming\SGK.exe <==== ATTENTION
Task: {6D0780EB-CFD1-435C-B8DA-078D7543EDBF} - System32\Tasks\SYSTEM => C:\ProgramData\wms.exe [2014-09-14] (Microsoft® Corporation) <==== ATTENTION
Task: {A8BF89F8-CD9B-4200-9B2F-B1143FC3F519} - System32\Tasks\YWSZF => C:\Users\Patrycjusz\AppData\Roaming\YWSZF.exe <==== ATTENTION
Task: {D8E98C48-D958-4685-B27F-DB1EEC0CFAB4} - System32\Tasks\PETN Update => C:\Users\Patrycjusz\AppData\Local\PETN\petnupdate.exe
Task: C:\Windows\Tasks\SGK.job => C:\Users\Patrycjusz\AppData\Roaming\SGK.exe <==== ATTENTION
Task: C:\Windows\Tasks\YWSZF.job => C:\Users\Patrycjusz\AppData\Roaming\YWSZF.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1542458404-1444137664-256976008-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
C:\Program Files (x86)\Google
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\.sys
C:\ProgramData\wms.exe
C:\ProgramData\InstaShare
C:\Users\Patrycjusz\AppData\Local\Google
C:\Users\Patrycjusz\AppData\Local\PETN
C:\Users\Patrycjusz\AppData\Roaming\*.exe
C:\Users\Patrycjusz\AppData\Roaming\SGK
C:\Users\Patrycjusz\AppData\Roaming\YWSZF
C:\Users\Patrycjusz\Downloads\SpyHunter-Installer.exe
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Patrycjusz\AppData\Local
CMD: dir /a C:\Users\Patrycjusz\AppData\LocalLow
CMD: dir /a C:\Users\Patrycjusz\AppData\Roaming
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{498D567F-5D8C-4E5E-95E6-49A717284792}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{498D567F-5D8C-4E5E-95E6-49A717284792}" => Key deleted successfully.
C:\Windows\System32\Tasks\SGK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SGK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D0780EB-CFD1-435C-B8DA-078D7543EDBF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D0780EB-CFD1-435C-B8DA-078D7543EDBF}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEM => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8BF89F8-CD9B-4200-9B2F-B1143FC3F519}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8BF89F8-CD9B-4200-9B2F-B1143FC3F519}" => Key deleted successfully.
C:\Windows\System32\Tasks\YWSZF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YWSZF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8E98C48-D958-4685-B27F-DB1EEC0CFAB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E98C48-D958-4685-B27F-DB1EEC0CFAB4}" => Key deleted successfully.
C:\Windows\System32\Tasks\PETN Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PETN Update" => Key deleted successfully.
C:\Windows\Tasks\SGK.job => Moved successfully.
C:\Windows\Tasks\YWSZF.job => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-1542458404-1444137664-256976008-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\ProgramData\.sys => Moved successfully.
C:\ProgramData\wms.exe => Moved successfully.
C:\ProgramData\InstaShare => Moved successfully.
C:\Users\Patrycjusz\AppData\Local\Google => Moved successfully.
"C:\Users\Patrycjusz\AppData\Local\PETN" => File/Directory not found.
"C:\Users\Patrycjusz\AppData\Roaming\*.exe" => File/Directory not found.
C:\Users\Patrycjusz\AppData\Roaming\SGK => Moved successfully.
C:\Users\Patrycjusz\AppData\Roaming\YWSZF => Moved successfully.
"C:\Users\Patrycjusz\Downloads\SpyHunter-Installer.exe" => File/Directory not found.

========= dir /a "C:\Program Files" =========

Volume in drive C is Windows
Volume Serial Number is 40BC-3C8B

Directory of C:\Program Files

13/11/2014 19:04 .
13/11/2014 19:04 ..
09/09/2013 14:17 7-Zip
09/05/2014 22:58 Bonjour
10/11/2014 23:00 Common Files
22/08/2013 15:35 174 desktop.ini
13/11/2014 22:16 Enigma Software Group
09/05/2014 23:15 Hewlett-Packard
17/09/2014 21:43 HitmanPro
09/05/2014 23:01 IDT
09/05/2014 23:02 Intel
12/11/2014 00:22 Internet Explorer
09/05/2014 23:14 mcafee
13/11/2014 22:10 McAfee Security Scan
09/05/2014 23:13 mcafee.com
10/11/2014 22:57 Microsoft Analysis Services
10/11/2014 22:58 Microsoft Office
10/11/2014 22:59 Microsoft SQL Server
10/11/2014 22:59 Microsoft.NET
26/08/2013 06:12 MSBuild
14/09/2014 16:56 NVIDIA Corporation
14/09/2014 08:51 Online Services
26/08/2013 06:12 Reference Assemblies
09/05/2014 23:02 Synaptics
14/09/2014 14:57 TeamSpeak 3 Client
22/08/2013 14:47 Uninstall Information
09/05/2014 23:03 Validity Sensors
12/11/2014 00:22 Windows Defender
26/09/2014 08:17 Windows Journal
09/09/2013 22:59 Windows Mail
19/09/2014 21:25 Windows Media Player
19/09/2014 21:25 Windows Multimedia Platform
22/08/2013 15:36 Windows NT
09/09/2013 23:01 Windows Photo Viewer
19/09/2014 21:25 Windows Portable Devices
22/08/2013 15:36 Windows Sidebar
13/11/2014 18:26 WindowsApps
22/08/2013 15:36 WindowsPowerShell
1 File(s) 174 bytes
37 Dir(s) 873,340,874,752 bytes free

========= End of CMD: =========

========= dir /a "C:\Program Files (x86)" =========

Volume in drive C is Windows
Volume Serial Number is 40BC-3C8B

Directory of C:\Program Files (x86)

13/11/2014 22:37 .
13/11/2014 22:37 ..
17/09/2014 11:06 Adobe
19/09/2014 21:58 AGEIA Technologies
29/10/2014 21:23 Battle.net
09/05/2014 22:58 Bonjour
10/11/2014 22:49 Common Files
19/09/2014 22:03 CyberLink
10/11/2014 22:45 DAEMON Tools Ultra
22/08/2013 15:34 174 desktop.ini
24/09/2014 12:56 Diablo III
29/09/2014 21:39 Free Hide Folder
30/09/2014 22:33 Hewlett-Packard
09/09/2013 14:25 HPConnectedMusic
30/09/2014 22:34 InstallShield Installation Information
09/05/2014 22:58 Intel
12/11/2014 00:22 Internet Explorer
12/10/2014 16:19 Java
18/10/2014 20:43 Malwarebytes Anti-Malware
09/05/2014 23:14 McAfee
09/05/2014 23:13 mcafee.com
10/11/2014 22:57 Microsoft Analysis Services
09/09/2013 14:18 Microsoft Office
21/09/2014 17:22 Microsoft SkyDrive
10/11/2014 22:59 Microsoft SQL Server
09/09/2013 14:22 Microsoft SQL Server Compact Edition
10/11/2014 22:59 Microsoft.NET
13/11/2014 22:29 Mozilla Maintenance Service
26/08/2013 06:12 MSBuild
14/09/2014 16:56 NVIDIA Corporation
14/09/2014 08:51 Online Services
14/09/2014 09:35 Pando Networks
09/05/2014 22:59 Ralink Corporation
14/09/2014 14:08 Razer
09/05/2014 23:04 Realtek
26/08/2013 06:12 Reference Assemblies
29/09/2014 20:41 Skype
29/09/2014 21:34 Steam
09/09/2013 14:42 WildGames
09/09/2013 14:43 WildTangent Games
12/11/2014 00:22 Windows Defender
09/09/2013 14:22 Windows Live
09/09/2013 22:59 Windows Mail
19/09/2014 21:25 Windows Media Player
19/09/2014 21:25 Windows Multimedia Platform
22/08/2013 15:36 Windows NT
09/09/2013 23:01 Windows Photo Viewer
19/09/2014 21:25 Windows Portable Devices
22/08/2013 15:36 Windows Sidebar
22/08/2013 15:36 WindowsPowerShell
1 File(s) 174 bytes
49 Dir(s) 873,340,874,752 bytes free

========= End of CMD: =========

========= dir /a C:\ProgramData =========

Volume in drive C is Windows
Volume Serial Number is 40BC-3C8B

Directory of C:\ProgramData

13/11/2014 22:37 .
13/11/2014 22:37 ..
17/09/2014 11:13 Adobe
09/05/2014 22:58 Apple
22/08/2013 14:45 Application Data [C:\ProgramData]
23/09/2014 20:42 Battle.net
23/09/2014 20:44 Blizzard Entertainment
17/09/2014 12:13 BoostSoftware
19/09/2014 22:02 CyberLink
10/11/2014 22:45 DAEMON Tools Ultra
22/08/2013 14:45 Desktop [C:\Users\Public\Desktop]
22/08/2013 14:45 Documents [C:\Users\Public\Documents]
16/09/2014 21:44 GpWPrgx
30/09/2014 22:32 Hewlett-Packard
17/09/2014 21:50 HitmanPro
16/09/2014 21:46 IDM
09/05/2014 23:18 install_clap
09/05/2014 23:05 Intel
17/09/2014 21:29 Malwarebytes
14/09/2014 15:06 McAfee
15/10/2014 18:45 Microsoft
10/11/2014 23:01 Microsoft Help
21/09/2014 17:22 Microsoft SkyDrive
13/11/2014 22:29 Mozilla
17/09/2014 12:20 258 ntuser.pol
02/11/2014 00:15 NVIDIA
14/09/2014 17:24 NVIDIA Corporation
12/10/2014 16:19 Oracle
09/05/2014 23:00 Package Cache
09/05/2014 23:00 Ralink Driver
14/09/2014 14:08 Razer
10/11/2014 22:59 regid.1991-06.com.microsoft
14/09/2014 09:37 Riot Games
16/10/2014 20:24 Skype
22/08/2013 14:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
12/10/2014 16:19 Sun
14/09/2014 08:53 Synaptics
09/05/2014 23:18 Temp
22/08/2013 14:45 Templates [C:\ProgramData\Microsoft\Windows\Templates]
09/05/2014 23:03 Validity
09/09/2013 14:43 WildTangent
30/09/2014 22:33 {18165758-115C-4DC0-9EC2-FF89F725767F}
1 File(s) 258 bytes
41 Dir(s) 873,340,870,656 bytes free

========= End of CMD: =========

========= dir /a C:\Users\Patrycjusz\AppData\Local =========

Volume in drive C is Windows
Volume Serial Number is 40BC-3C8B

Directory of C:\Users\Patrycjusz\AppData\Local

13/11/2014 22:37 .
13/11/2014 22:37 ..
07/10/2014 15:37 Adobe
14/09/2014 08:57 Apps
10/11/2014 22:49 Battle.net
16/09/2014 17:53 0 BIT874A.tmp
23/09/2014 20:44 Blizzard Entertainment
13/11/2014 22:33 CrashDumps
14/09/2014 08:53 CyberLink
18/10/2014 20:10 Deployment
13/11/2014 18:52 Diagnostics
10/11/2014 23:05 Disc_Soft_Ltd
13/11/2014 22:08 EmieBrowserModeList
19/09/2014 23:38 EmieSiteList
19/09/2014 23:38 EmieUserList
16/09/2014 22:34 Hewlett-Packard
13/11/2014 00:25 257,353 IconCache.db
13/11/2014 00:07 InstaShare
14/09/2014 16:56 Intel_Corporation
02/11/2014 22:00 Microsoft
10/11/2014 22:57 Microsoft Help
13/11/2014 22:29 Mozilla
17/09/2014 12:17 617,369 nsn26D5.tmp
14/09/2014 17:25 NVIDIA
14/09/2014 17:25 NVIDIA Corporation
10/10/2014 14:23 Packages
14/09/2014 08:52 PackageStaging
17/09/2014 11:32 Plarium
14/09/2014 08:53 Power2Go8
14/09/2014 09:30 Programs
14/09/2014 14:09 Razer
14/09/2014 14:09 Razer_Inc
29/09/2014 20:41 Skype
13/11/2014 22:36 Temp
21/09/2014 17:16 VirtualStore
16/09/2014 17:52 0 {B87A5FF7-693F-498C-B9CD-0DBA1C37EA21}
4 File(s) 874,722 bytes
32 Dir(s) 873,340,870,656 bytes free

========= End of CMD: =========

========= dir /a C:\Users\Patrycjusz\AppData\LocalLow =========

Volume in drive C is Windows
Volume Serial Number is 40BC-3C8B

Directory of C:\Users\Patrycjusz\AppData\LocalLow

13/11/2014 22:07 .
13/11/2014 22:07 ..
07/10/2014 15:37 Adobe
13/11/2014 22:08 EmieBrowserModeList
20/09/2014 19:53 EmieSiteList
20/09/2014 19:53 EmieUserList
14/09/2014 08:51 Microsoft
12/10/2014 16:18 Sun
0 File(s) 0 bytes
8 Dir(s) 873,340,866,560 bytes free

========= End of CMD: =========

========= dir /a C:\Users\Patrycjusz\AppData\Roaming =========

Volume in drive C is Windows
Volume Serial Number is 40BC-3C8B

Directory of C:\Users\Patrycjusz\AppData\Roaming

13/11/2014 22:37 .
13/11/2014 22:37 ..
12/10/2014 16:22 .minecraft
07/10/2014 15:37 Adobe
24/09/2014 11:06 Battle.net
10/11/2014 22:46 DAEMON Tools Ultra
17/09/2014 11:11 DMCache
12/11/2014 11:49 Enigma Software Group
14/09/2014 08:55 Hewlett-Packard
19/09/2014 22:14 hpqlog
17/09/2014 13:37 IDT
14/09/2014 12:47 LolClient
14/09/2014 08:55 Macromedia
02/11/2014 22:41 Microsoft
13/11/2014 22:29 Mozilla
23/09/2014 20:44 NVIDIA
14/09/2014 09:35 Riot Games
06/11/2014 23:36 Skype
14/09/2014 08:53 Synaptics
30/10/2014 22:51 TS3Client
0 File(s) 0 bytes
20 Dir(s) 873,340,850,176 bytes free

========= End of CMD: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

The operation completed successfully.

========= End of Reg: =========

EmptyTemp: => Removed 102.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====