Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014 Ran by Admin at 2014-12-13 22:52:37 Run:1 Running from C:\Users\Admin\Downloads Loaded Profile: Admin (Available profiles: Admin) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R2 ezGOSvc; C:\Windows\SysWOW64\ezGOSvc.dll [80256 2011-06-11] () NETSVC: ezGOSvc -> C:\Windows\SysWOW64\ezGOSvc.dll () HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => No File ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => No File ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => No File ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => No File BootExecute: autocheck autochk * URLSearchHook: HKU\S-1-5-21-3549357173-1526242869-3047463242-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File URLSearchHook: HKU\S-1-5-21-3549357173-1526242869-3047463242-1000 - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File SearchScopes: HKU\S-1-5-21-3549357173-1526242869-3047463242-1000 -> {6F7460B9-15FD-4C8A-A706-449DBAB5DF1E} URL = http://search.avg.com/route/?d=4de22af3&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us Toolbar: HKU\S-1-5-21-3549357173-1526242869-3047463242-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [] CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Users\Admin\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [] FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File U4 bdselfpr; No ImagePath S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" AlternateDataStreams: C:\Users\Admin\Downloads\avg_free_x64_all_2015_5577a8546.exe:BDU AlternateDataStreams: C:\Users\Admin\Downloads\ccsetup419.exe:BDU AlternateDataStreams: C:\Users\Admin\Downloads\kss12.0.1.340_pl.exe:BDU AlternateDataStreams: C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe:BDU AlternateDataStreams: C:\Users\Admin\Downloads\msert.exe:BDU AlternateDataStreams: C:\Users\Admin\Downloads\RSIT.exe:BDU C:\Program Files (x86)\mozilla firefox\plugins C:\Program Files\Bitdefender C:\ProgramData\*.bdinstall.bin C:\ProgramData\TEMP C:\Users\Admin\AppData\Local\Avg2015 C:\Users\Admin\AppData\Roaming\AVG C:\Users\Admin\AppData\Roaming\AVG2013 C:\Users\Admin\AppData\Roaming\Bitdefender C:\Users\Admin\AppData\Roaming\FreeVideoConverter C:\Users\Admin\AppData\Roaming\QuickScan C:\Users\Admin\AppData\Roaming\TuneUp Software C:\Users\Admin\Downloads\AdwCleaner_*.exe C:\Users\Admin\Downloads\OTL*.exe C:\Windows\SysWOW64\ezGOSvc.dll Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f CMD: sc config "Mobile Broadband. RunOuc" start= disabled CMD: ipconfig /flushdns EmptyTemp: ***************** Processes closed successfully. ezGOSvc => Unable to stop service ezGOSvc => Service deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ezGOSvc => Deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet => value deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent => value deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox1" => Key deleted successfully. "HKCR\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox2" => Key deleted successfully. "HKCR\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox3" => Key deleted successfully. "HKCR\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\__SafeBox4" => Key deleted successfully. "HKCR\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}" => Key not found. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. HKU\S-1-5-21-3549357173-1526242869-3047463242-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value deleted successfully. HKU\S-1-5-21-3549357173-1526242869-3047463242-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} => value deleted successfully. "HKU\S-1-5-21-3549357173-1526242869-3047463242-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F7460B9-15FD-4C8A-A706-449DBAB5DF1E}" => Key deleted successfully. "HKCR\CLSID\{6F7460B9-15FD-4C8A-A706-449DBAB5DF1E}" => Key not found. HKU\S-1-5-21-3549357173-1526242869-3047463242-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully. "HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}" => Key deleted successfully. "HKCR\PROTOCOLS\Handler\gopher" => Key deleted successfully. "HKCR\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" => Key deleted successfully. "HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully. "HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found. HKLM\Software\Mozilla\Firefox\Extensions\\FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => Value not found. HKLM\Software\Mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => Value not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ffpwdman@bitdefender.com => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl" => Key not found. "C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj" => Key not found. "C:\Users\Admin\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx" => File/Directory not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => Key deleted successfully. bdselfpr => Service deleted successfully. ewusbnet => Service deleted successfully. Prot6Flt => Service deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => Key deleted successfully. C:\Users\Admin\Downloads\avg_free_x64_all_2015_5577a8546.exe => ":BDU" ADS removed successfully. C:\Users\Admin\Downloads\ccsetup419.exe => ":BDU" ADS removed successfully. C:\Users\Admin\Downloads\kss12.0.1.340_pl.exe => ":BDU" ADS removed successfully. C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe => ":BDU" ADS removed successfully. C:\Users\Admin\Downloads\msert.exe => ":BDU" ADS removed successfully. C:\Users\Admin\Downloads\RSIT.exe => ":BDU" ADS removed successfully. C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully. C:\Program Files\Bitdefender => Moved successfully. C:\ProgramData\*.bdinstall.bin => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\Users\Admin\AppData\Local\Avg2015 => Moved successfully. C:\Users\Admin\AppData\Roaming\AVG => Moved successfully. C:\Users\Admin\AppData\Roaming\AVG2013 => Moved successfully. C:\Users\Admin\AppData\Roaming\Bitdefender => Moved successfully. C:\Users\Admin\AppData\Roaming\FreeVideoConverter => Moved successfully. C:\Users\Admin\AppData\Roaming\QuickScan => Moved successfully. C:\Users\Admin\AppData\Roaming\TuneUp Software => Moved successfully. C:\Users\Admin\Downloads\AdwCleaner_*.exe => Moved successfully. C:\Users\Admin\Downloads\OTL*.exe => Moved successfully. C:\Windows\SysWOW64\ezGOSvc.dll => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoÅ„czona pomyÅ›lnie. ========= End of Reg: ========= ========= sc config "Mobile Broadband. RunOuc" start= disabled ========= [SC] ChangeServiceConfig SUKCES ========= End of CMD: ========= ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomy˜lnie opr¢¾niono pami©† podr©czn¥ programu rozpoznawania nazw DNS. ========= End of CMD: ========= EmptyTemp: => Removed 604.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====