Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by Robert at 2014-12-02 15:12:46 Run:3
Running from C:\Users\Robert\Desktop
Loaded Profile: Robert (Available profiles: Robert & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
S2 Update Techgile; "C:\Program Files (x86)\Techgile\updateTechgile.exe" [X]
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKU\S-1-5-21-2184118066-859118458-687225370-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Robert\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=54e62f3abf8d47d0be1cd1543b71c18b-1308d3c63c742bcf262aec552d1bdcca5b3be4c5 /CMPID=1213b
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=156
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2184118066-859118458-687225370-1000 -> DefaultScope {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
SearchScopes: HKU\S-1-5-21-2184118066-859118458-687225370-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2184118066-859118458-687225370-1000 -> {C68463FC-2E20-492D-B129-C09640278F6B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=D75B0CE9-6D33-4FF2-9E58-9DFAE6ED907E&apn_sauid=EB10D1E6-E5BE-4D94-BED6-8341C01F8202
SearchScopes: HKU\S-1-5-21-2184118066-859118458-687225370-1000 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
CustomCLSID: HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\ProgramData\AVAST Software
C:\Users\Robert\AppData\Local\Avg2014
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage*
C:\Users\Robert\AppData\Roaming\Mozilla
C:\Users\Robert\AppData\Roaming\TuneUp Software
C:\Users\Default\AppData\Roaming\TuneUp Software
C:\Users\Robert\Desktop\*_Sciagnij.pl.exe
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Robert\AppData\Local
CMD: dir /a C:\Users\Robert\AppData\LocalLow
CMD: dir /a C:\Users\Robert\AppData\Roaming
EmptyTemp:
*****************

Processes closed successfully.
Update Techgile => Service not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 => Value not found.
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1213b => Value not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key not found.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKU\S-1-5-21-2184118066-859118458-687225370-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2184118066-859118458-687225370-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C68463FC-2E20-492D-B129-C09640278F6B}" => Key not found.
"HKCR\CLSID\{C68463FC-2E20-492D-B129-C09640278F6B}" => Key not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{szukaj.gazeta.pl}" => Key not found.
"HKCR\CLSID\{szukaj.gazeta.pl}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key not found.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key not found.
"HKU\S-1-5-21-2184118066-859118458-687225370-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key not found.
"C:\ProgramData\AVAST Software" => File/Directory not found.
"C:\Users\Robert\AppData\Local\Avg2014" => File/Directory not found.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
Could not move "C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage*" => Scheduled to move on reboot.
C:\Users\Robert\AppData\Roaming\Mozilla => Moved successfully.
"C:\Users\Robert\AppData\Roaming\TuneUp Software" => File/Directory not found.
"C:\Users\Default\AppData\Roaming\TuneUp Software" => File/Directory not found.
"C:\Users\Robert\Desktop\*_Sciagnij.pl.exe" => File/Directory not found.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-03 19:15:48)<=

==> ATTENTION: System is not rebooted.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully.

==== End of Fixlog ====