Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014 Ran by Karla at 2014-12-03 18:34:51 Run:2 Running from C:\Users\Karla\Downloads Loaded Profile: Karla (Available profiles: Marek & Karla) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKU\S-1-5-21-431021187-217253523-1019275998-1003 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X] C:\ProgramData\AVAST Software C:\ProgramData\Temp C:\Users\Karla\AppData\Roaming\eIntaller C:\Users\Karla\AppData\Roaming\iPlus C:\Users\Karla\AppData\Roaming\Thunderbird C:\Users\Marek\AppData\Roaming\iFree C:\Users\Marek\AppData\Roaming\iPlus C:\Users\Marek\AppData\Roaming\Patcher C:\Users\Marek\AppData\Roaming\PrimoPDF C:\Users\Marek\AppData\Roaming\Systweak Hosts: CMD: netsh advfirewall reset Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main" Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main" EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key deleted successfully. "HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKU\S-1-5-21-431021187-217253523-1019275998-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value deleted successfully. "HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}" => Key not found. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value deleted successfully. HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found. atillk64 => Service deleted successfully. C:\ProgramData\AVAST Software => Moved successfully. C:\ProgramData\Temp => Moved successfully. C:\Users\Karla\AppData\Roaming\eIntaller => Moved successfully. C:\Users\Karla\AppData\Roaming\iPlus => Moved successfully. C:\Users\Karla\AppData\Roaming\Thunderbird => Moved successfully. C:\Users\Marek\AppData\Roaming\iFree => Moved successfully. C:\Users\Marek\AppData\Roaming\iPlus => Moved successfully. C:\Users\Marek\AppData\Roaming\Patcher => Moved successfully. C:\Users\Marek\AppData\Roaming\PrimoPDF => Moved successfully. C:\Users\Marek\AppData\Roaming\Systweak => Moved successfully. Hosts was reset successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main AutoHide REG_SZ yes Security Risk Page REG_SZ about:SecurityRisk Extensions Off Page REG_SZ about:NoAdd-ons Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896 Default_Page_URL REG_SZ www.google.com Anchor_Visitation_Horizon REG_BINARY 01000000 Cache_Percent_of_Disk REG_BINARY 0A000000 Placeholder_Width REG_BINARY 1A000000 Placeholder_Height REG_BINARY 1A000000 Default_Secondary_Page_URL REG_MULTI_SZ Use_Async_DNS REG_SZ yes Start Page REG_SZ www.google.com Local Page REG_SZ C:\Windows\System32\blank.htm Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896 Delete_Temp_Files_On_Exit REG_SZ yes Enable_Disk_Cache REG_SZ yes TabProcGrowth REG_SZ Medium Print_Background REG_DWORD 0x0 AlwaysShowMenus REG_DWORD 0x0 StatusBarWeb REG_DWORD 0x1 ApplicationTileImmersiveActivation REG_DWORD 0x1 AssociationActivationMode REG_DWORD 0x0 x86AppPath REG_SZ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main AutoHide REG_SZ yes Security Risk Page REG_SZ about:SecurityRisk Extensions Off Page REG_SZ about:NoAdd-ons Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896 Default_Page_URL REG_SZ Anchor_Visitation_Horizon REG_BINARY 01000000 Cache_Percent_of_Disk REG_BINARY 0A000000 Placeholder_Width REG_BINARY 1A000000 Placeholder_Height REG_BINARY 1A000000 Default_Secondary_Page_URL REG_MULTI_SZ Use_Async_DNS REG_SZ yes Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157 Local Page REG_SZ C:\Windows\SysWOW64\blank.htm Search Page REG_SZ http://www.google.com Delete_Temp_Files_On_Exit REG_SZ yes Enable_Disk_Cache REG_SZ yes TabProcGrowth REG_SZ Medium Print_Background REG_DWORD 0x0 AlwaysShowMenus REG_DWORD 0x0 StatusBarWeb REG_DWORD 0x1 Enable Browser Extensions REG_SZ yes Use Search Asst REG_SZ no Check_Associations REG_SZ yes ApplicationTileImmersiveActivation REG_DWORD 0x1 AssociationActivationMode REG_DWORD 0x0 x86AppPath REG_SZ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Search Bar REG_SZ http://www.google.com Start Page Redirect Cache REG_SZ http://www.google.com NewTabPageShow REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\ErrorThresholds HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\UrlTemplate ========= End of Reg: ========= EmptyTemp: => Removed 1.9 GB temporary data. The system needed a reboot. ==== End of Fixlog ====