Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by ja at 2014-11-25 21:26:47 Run:1
Running from G:\ps3
Loaded Profile: ja (Available profiles: ja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
S2 fc67e7a0; "C:\Windows\system32\rundll32.exe" "c:\program files (x86)\DeltaFix\DeltaFix.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 dcdbas; \SystemRoot\System32\drivers\dcdbas64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 SPDRIVER_1.37.0.1390; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.sys [X]
Task: {1703254E-577D-49D9-8544-2F194C53670E} - System32\Tasks\Installer_sense => C:\Users\ja\AppData\Local\Installer\Installsense_20461\delay.exe <==== ATTENTION
Task: {37E92B47-93B1-423C-9A64-62CC68596203} - \SPBIW_UpdateTask_Time_3533393736323933332d232d783232575b5a34452d2a No Task File <==== ATTENTION
Task: {4DC026B3-1D1E-4525-9320-BCB396891C2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {743BA98E-D148-4C8F-85ED-DC4B29A15F08} - \Installer_iwebar No Task File <==== ATTENTION
Task: {76E47D0A-CC68-4D0E-85F6-BA670738EF9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EA7F0DCC-B2C9-419B-8FD9-F220B885FA41} - \Microsoft\Windows\Shell\FamilySafetyUpload No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-527024006-3297479484-4194791215-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
C:\Program Files (x86)\DeltaFix
C:\Program Files (x86)\Google
C:\ProgramData\6d276c3130bd3996
C:\ProgramData\Malwarebytes
C:\ProgramData\TEMP
C:\Users\ja\scan_results
C:\Users\ja\AppData\Local\Comodo
C:\Users\ja\AppData\Local\Google
C:\Users\ja\AppData\Roaming\AVG
C:\Users\ja\AppData\Roaming\driver
C:\Users\ja\AppData\Roaming\Genieo
C:\Users\ja\AppData\Roaming\LavasoftStatistics
C:\Users\ja\AppData\Roaming\Opera Software
C:\Users\ja\AppData\Roaming\Orbit
C:\Users\ja\AppData\Roaming\ProgSense
C:\Users\ja\Downloads\*_downloader-*.exe
C:\Users\Administrator
C:\Users\Gość
C:\Users\HomeGroupUser$
C:\Windows\msdownld.tmp
C:\Windows\SysWOW64\GroupPolicy\GPT.INI
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\ja\AppData\Local
CMD: dir /a C:\Users\ja\AppData\LocalLow
CMD: dir /a C:\Users\ja\AppData\Roaming
EmptyTemp:
*****************

Processes closed successfully.
fc67e7a0 => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
avchv => Service deleted successfully.
dcdbas => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
SPDRIVER_1.37.0.1390 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1703254E-577D-49D9-8544-2F194C53670E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1703254E-577D-49D9-8544-2F194C53670E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer_sense => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E92B47-93B1-423C-9A64-62CC68596203}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E92B47-93B1-423C-9A64-62CC68596203}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3533393736323933332d232d783232575b5a34452d2a" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DC026B3-1D1E-4525-9320-BCB396891C2C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DC026B3-1D1E-4525-9320-BCB396891C2C}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{743BA98E-D148-4C8F-85ED-DC4B29A15F08}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{743BA98E-D148-4C8F-85ED-DC4B29A15F08}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76E47D0A-CC68-4D0E-85F6-BA670738EF9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76E47D0A-CC68-4D0E-85F6-BA670738EF9E}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA7F0DCC-B2C9-419B-8FD9-F220B885FA41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA7F0DCC-B2C9-419B-8FD9-F220B885FA41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
"HKU\S-1-5-21-527024006-3297479484-4194791215-1002\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => Key deleted successfully.
C:\Users\ja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml => Moved successfully.
C:\Program Files (x86)\DeltaFix => Moved successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\ProgramData\6d276c3130bd3996 => Moved successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\ja\scan_results => Moved successfully.
C:\Users\ja\AppData\Local\Comodo => Moved successfully.
C:\Users\ja\AppData\Local\Google => Moved successfully.
C:\Users\ja\AppData\Roaming\AVG => Moved successfully.
C:\Users\ja\AppData\Roaming\driver => Moved successfully.
C:\Users\ja\AppData\Roaming\Genieo => Moved successfully.
C:\Users\ja\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\Users\ja\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\ja\AppData\Roaming\Orbit => Moved successfully.
C:\Users\ja\AppData\Roaming\ProgSense => Moved successfully.
C:\Users\ja\Downloads\*_downloader-*.exe => Moved successfully.
C:\Users\Administrator => Moved successfully.
C:\Users\Gość => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Windows\msdownld.tmp => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.INI => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= dir /a "C:\Program Files" =========
Volume in drive C is 8
Volume Serial Number is BA59-A6C1
Directory of C:\Program Files
2014-11-20 14:15 .
2014-11-20 14:15 ..
2014-05-24 22:09 7-Zip
2014-08-05 21:48 CCleaner
2014-11-06 16:38 Common Files
2014-07-31 09:42 CPUID
2013-08-22 16:35 174 desktop.ini
2014-09-27 13:09 DivX
2014-05-01 14:59 ESET
2014-09-10 21:37 HWiNFO64
2014-11-12 12:51 Internet Explorer
2014-08-10 17:50 Java
2014-05-13 13:41 KMSpico
2014-10-01 16:24 Microsoft Silverlight
2013-10-31 14:54 MSBuild
2014-10-06 13:39 OBS
2014-10-06 11:14 OpenVPN
2013-10-31 14:54 Reference Assemblies
2014-04-21 13:42 Serviio
2014-11-20 14:15 TAP-Windows
2014-07-24 16:10 TeamSpeak 3 Client
2013-08-22 15:47 Uninstall Information
2014-04-03 10:27 VideoLAN
2014-11-12 12:51 Windows Defender
2014-09-11 01:32 Windows Journal
2013-08-23 00:12 Windows Mail
2014-03-24 09:18 Windows Media Player
2014-03-24 09:18 Windows Multimedia Platform
2013-08-22 16:36 Windows NT
2013-08-23 00:12 Windows Photo Viewer
2014-03-24 09:18 Windows Portable Devices
2013-08-22 16:36 Windows Sidebar
2014-11-25 11:07 WindowsApps
2013-08-22 16:36 WindowsPowerShell
2014-04-03 10:18 WinRAR
1 File(s) 174 bytes
34 Dir(s) 4 405 964 800 bytes free
========= End of CMD: =========

========= dir /a "C:\Program Files (x86)" =========
Volume in drive C is 8
Volume Serial Number is BA59-A6C1
Directory of C:\Program Files (x86)
2014-11-25 21:26 .
2014-11-25 21:26 ..
2014-07-21 02:47 Adobe
2014-04-03 10:19 Charnet3D
2014-11-06 16:02 Common Files
2014-04-15 22:40 CrystalDiskInfo
2014-11-21 01:45 DAEMON Tools Pro
2013-08-22 16:34 174 desktop.ini
2014-10-20 19:05 DirectShow Pack
2014-09-27 13:09 DivX
2014-10-06 11:13 eFON
2014-11-06 00:12 ffdshow
2014-05-28 11:25 FinalWire
2014-08-30 09:21 InstallShield Installation Information
2014-05-08 22:01 Intel
2014-11-12 12:51 Internet Explorer
2014-08-28 14:37 IrfanView
2014-06-30 14:46 IVONA
2014-11-06 16:04 Java
2014-10-06 15:55 LG Electronics
2014-05-09 14:19 LinuxLive USB Creator
2014-10-01 16:24 Microsoft Silverlight
2014-08-23 14:39 Microsoft.NET
2014-11-11 00:27 Mozilla Firefox
2014-11-12 12:52 Mozilla Maintenance Service
2013-10-31 14:54 MSBuild
2014-04-23 13:16 NapiProjekt
2014-10-06 13:39 OBS
2014-04-15 14:25 OCCTPT
2014-04-18 13:16 OnLive
2014-06-10 22:19 Opera
2013-10-31 14:54 Reference Assemblies
2014-11-24 09:19 Skype
2014-08-30 09:21 Sony
2014-10-31 22:05 Steam
2014-10-31 13:21 SystemRequirementsLab
2014-04-16 09:42 TeamViewer
2014-05-15 16:00 Verbatim
2014-11-12 12:51 Windows Defender
2013-08-23 00:12 Windows Mail
2014-03-24 09:18 Windows Media Player
2014-03-24 09:18 Windows Multimedia Platform
2013-08-22 16:36 Windows NT
2013-08-23 00:12 Windows Photo Viewer
2014-03-24 09:18 Windows Portable Devices
2013-08-22 16:36 Windows Sidebar
2013-08-22 16:36 WindowsPowerShell
1 File(s) 174 bytes
46 Dir(s) 4 405 964 800 bytes free
========= End of CMD: =========

========= dir /a C:\ProgramData =========
Volume in drive C is 8
Volume Serial Number is BA59-A6C1
Directory of C:\ProgramData
2014-11-25 21:26 .
2014-11-25 21:26 ..
2014-09-15 10:20 .mono
2014-07-21 02:47 Adobe
2013-08-22 15:45 Application Data [C:\ProgramData]
2014-04-15 22:41 AVG
2014-04-15 22:39 Common Files
2014-07-29 15:08 DAEMON Tools Lite
2014-07-30 13:58 DAEMON Tools Pro
2014-01-19 15:53 Dane aplikacji [C:\ProgramData]
2013-08-22 15:45 Desktop [C:\Users\Public\Desktop]
2014-09-27 13:09 DivX
2013-08-22 15:45 Documents [C:\Users\Public\Documents]
2014-01-19 15:53 Dokumenty [C:\Users\Public\Documents]
2014-05-01 14:59 ESET
2014-04-30 20:52 Licenses
2014-05-01 15:12 Logs
2014-08-16 09:11 McAfee
2014-01-19 15:53 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
2014-07-09 17:59 Microsoft
2014-08-23 14:40 Microsoft Help
2014-04-02 23:50 Mozilla
2014-11-04 19:52 924 ntuser.pol
2014-11-06 16:00 Oracle
2014-08-05 22:35 Origin
2014-01-19 15:53 Pulpit [C:\Users\Public\Desktop]
2013-10-31 11:50 regid.1991-06.com.microsoft
2014-11-25 18:11 Reprise
2014-11-25 18:09 SketchUp
2014-11-24 09:19 Skype
2014-06-09 10:28 Sony Corporation
2013-08-22 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2014-07-09 21:03 Steam
2014-05-16 15:54 SystemRequirementsLab
2014-01-19 15:53 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
2013-08-22 15:45 Templates [C:\ProgramData\Microsoft\Windows\Templates]
2014-04-30 20:50 Weskysoft
2014-04-15 22:39 {01BD4FC9-2F86-4706-A62E-774BB7E9D308}
1 File(s) 924 bytes
37 Dir(s) 4 405 964 800 bytes free
========= End of CMD: =========

========= dir /a C:\Users\ja\AppData\Local =========
Volume in drive C is 8
Volume Serial Number is BA59-A6C1
Directory of C:\Users\ja\AppData\Local
2014-11-25 21:26 .
2014-11-25 21:26 ..
2014-10-19 11:20 Adobe
2014-08-30 14:19 Apps
2014-07-11 08:35 BetterDS3
2014-04-02 23:40 Dane aplikacji [C:\Users\ja\AppData\Local]
2014-09-27 13:11 DDMSettings
2014-08-30 14:20 Deployment
2014-11-17 14:14 Diagnostics
2014-06-11 11:03 ElevatedDiagnostics
2014-11-25 18:21 EmieBrowserModeList
2014-04-02 23:47 EmieSiteList
2014-04-02 23:47 EmieUserList
2014-05-05 20:11 ESET
2014-04-04 18:58 FluxSoftware
2014-05-18 17:52 73 160 GDIPFONTCACHEV1.DAT
2014-09-01 17:30 GG
2014-04-02 23:40 Historia [C:\Users\ja\AppData\Local\Microsoft\Windows\History]
2014-11-25 02:13 42 891 IconCache.db
2014-11-01 16:39 Installer
2014-04-02 23:55 Macromedia
2014-11-13 11:44 Microsoft
2014-04-08 21:37 Microsoft Help
2014-04-02 23:50 Mozilla
2014-04-15 14:27 OCCT_-_Ocbase_-_Adrien_Me
2014-06-10 22:19 Opera Software
2014-07-14 15:00 Packages
2014-04-02 23:43 Programs
2014-04-06 09:09 Skype
2014-11-25 21:26 Temp
2014-04-02 23:40 Temporary Internet Files [C:\Users\ja\AppData\Local\Microsoft\Windows\INetCache]
2014-08-23 16:27 Unity
2014-05-02 18:50 VirtualStore
2 File(s) 116 051 bytes
31 Dir(s) 4 405 964 800 bytes free
========= End of CMD: =========

========= dir /a C:\Users\ja\AppData\LocalLow =========
Volume in drive C is 8
Volume Serial Number is BA59-A6C1
Directory of C:\Users\ja\AppData\LocalLow
2014-11-25 18:21 .
2014-11-25 18:21 ..
2014-07-21 02:49 Adobe
2014-11-17 00:09 boost_interprocess
2014-11-25 18:24 EmieBrowserModeList
2014-04-02 23:48 EmieSiteList
2014-04-02 23:48 EmieUserList
2014-04-03 14:41 Microsoft
2014-04-21 13:41 Sun
0 File(s) 0 bytes
9 Dir(s) 4 405 964 800 bytes free
========= End of CMD: =========

========= dir /a C:\Users\ja\AppData\Roaming =========
Volume in drive C is 8
Volume Serial Number is BA59-A6C1
Directory of C:\Users\ja\AppData\Roaming
2014-11-25 21:26 .
2014-11-25 21:26 ..
2014-09-15 10:20 .mono
2014-07-21 02:49 Adobe
2013-07-21 20:59 12 005 alsoft.ini
2014-08-05 21:50 DAEMON Tools Lite
2014-07-30 14:29 DAEMON Tools Pro
2014-09-01 17:46 GG
2014-08-28 14:37 IrfanView
2014-06-30 15:07 IVONA Reader
2014-05-02 21:01 Kuma Games
2014-08-23 15:09 LibreOffice
2014-04-03 10:30 livestreamer
2014-04-02 23:47 Macromedia
2013-10-31 11:50 Media Center Programs
2014-10-20 21:14 Microsoft
2014-07-11 08:40 MotioninJoy
2014-04-02 23:50 Mozilla
2014-04-23 13:16 NapiProjekt
2014-07-08 14:43 OBS
2014-04-18 13:16 OnLive App
2014-09-21 12:49 OpenOffice
2014-11-25 18:11 SketchUp
2014-11-25 20:46 Skype
2014-11-08 11:18 TeamViewer
2014-11-24 01:51 TS3Client
2014-08-24 08:22 Unity
2014-11-21 01:44 uTorrent
2014-11-25 14:11 vlc
2014-11-13 00:14 Warner Bros. Interactive Entertainment
2014-04-03 10:19 WinRAR
2014-11-21 23:35 XBMC
1 File(s) 12 005 bytes
31 Dir(s) 4 405 964 800 bytes free
========= End of CMD: =========

EmptyTemp: => Removed 749.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====