Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Marcinek at 2014-12-16 18:04:43 Run:1
Running from F:\new
Loaded Profile: Marcinek (Available profiles: Marcinek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\...\Run: [nvxasync] => C:\Users\Marcinek\AppData\Roaming\nvxasync\nvxasync.exe [142679040 2014-12-07] ()
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2014-12-07] () <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.onet.pl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.onet.pl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.onet.pl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> 872BAC5B89A048ACB67BD7A82275C53B URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> {184CE823-A5CB-4281-B074-3989133ACA11} URL = http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL =
SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> {EB0ECFCF-19BE-4038-BEE7-5C935107440A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> {EDE103DA-CC2F-42BE-A6BA-4823336B7BDC} URL = http://www.idg.pl?q={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Task: {377B90E7-6344-468B-8F27-12C3F048B769} - System32\Tasks\{7690B874-BE3B-45E4-99D9-72C3305ECCE2} => pcalua.exe -a F:\Pobrane\vs_emulator.exe -d F:\Pobrane
Task: {3875E1E4-D95A-4459-B84E-D87D450970DB} - System32\Tasks\{439BB14A-606C-4365-8AE0-389AA3FB6D31} => pcalua.exe -a F:\Pobrane\vcredist_x86.exe -d F:\Pobrane
Task: {42C679AC-B28D-472C-94E4-BE7E13EAFCA1} - System32\Tasks\{AE083B0E-FFB3-4BF8-8696-2E95D34F580A} => pcalua.exe -a D:\INTRO.EXE -d D:\
Task: {94ED230D-D5BA-4F8A-9DB6-784F3829CBBE} - System32\Tasks\{5C03ABBF-F447-422F-876B-DC148093E72E} => pcalua.exe -a C:\Users\Marcinek\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Marcinek\Downloads
Task: {CF48426F-89A1-4219-ABCA-E6E44DEA22CC} - System32\Tasks\{2C5899DB-3837-4D8C-879F-B2146BE5B165} => pcalua.exe -a F:\Pobrane\Shockwave_Installer_Slim(1).exe -d F:\Pobrane
Task: {D4714768-458E-4E29-9499-8416AD240800} - System32\Tasks\{65817472-C58A-4B7B-AC18-B7CB65038F47} => D:\INSTALUJ.EXE
Task: {F0E8FBEB-4AD5-4363-9FBE-E6B548D4A1EE} - System32\Tasks\{D35874CC-F5A9-4B52-8C42-03F881AE39B2} => pcalua.exe -a F:\Pobrane\vcredist_x64.exe -d F:\Pobrane
Task: {F3DD4DCB-8114-42AC-8470-451525B808F0} - System32\Tasks\{38009BCC-CDB3-4F39-AA17-AD56CF749B39} => D:\INSTALUJ.EXE
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Classes\.exe: exefile => <===== ATTENTION!
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
C:\Program Files (x86)\IObit
C:\ProgramData\nvxasync
C:\Users\Marcinek\AppData\Roaming\fpacked.exe
C:\Users\Marcinek\AppData\Roaming\fportable
C:\Users\Marcinek\AppData\Roaming\nvxasync
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: type C:\Users\Marcinek\AppData\Roaming\Mozilla\Firefox\Profiles\d7zv33sz.default\searchplugins\starter.xml
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Windows\CurrentVersion\Run\\nvxasync => value deleted successfully.
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\872BAC5B89A048ACB67BD7A82275C53B" => Key deleted successfully.
"HKCR\CLSID\872BAC5B89A048ACB67BD7A82275C53B" => Key not found.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{184CE823-A5CB-4281-B074-3989133ACA11}" => Key deleted successfully.
"HKCR\CLSID\{184CE823-A5CB-4281-B074-3989133ACA11}" => Key not found.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{828B376B-F2F6-4778-928C-E29EC877535E}" => Key deleted successfully.
"HKCR\CLSID\{828B376B-F2F6-4778-928C-E29EC877535E}" => Key not found.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB0ECFCF-19BE-4038-BEE7-5C935107440A}" => Key deleted successfully.
"HKCR\CLSID\{EB0ECFCF-19BE-4038-BEE7-5C935107440A}" => Key not found.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDE103DA-CC2F-42BE-A6BA-4823336B7BDC}" => Key deleted successfully.
"HKCR\CLSID\{EDE103DA-CC2F-42BE-A6BA-4823336B7BDC}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377B90E7-6344-468B-8F27-12C3F048B769}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377B90E7-6344-468B-8F27-12C3F048B769}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7690B874-BE3B-45E4-99D9-72C3305ECCE2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7690B874-BE3B-45E4-99D9-72C3305ECCE2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3875E1E4-D95A-4459-B84E-D87D450970DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3875E1E4-D95A-4459-B84E-D87D450970DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{439BB14A-606C-4365-8AE0-389AA3FB6D31} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{439BB14A-606C-4365-8AE0-389AA3FB6D31}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42C679AC-B28D-472C-94E4-BE7E13EAFCA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42C679AC-B28D-472C-94E4-BE7E13EAFCA1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AE083B0E-FFB3-4BF8-8696-2E95D34F580A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE083B0E-FFB3-4BF8-8696-2E95D34F580A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94ED230D-D5BA-4F8A-9DB6-784F3829CBBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94ED230D-D5BA-4F8A-9DB6-784F3829CBBE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5C03ABBF-F447-422F-876B-DC148093E72E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C03ABBF-F447-422F-876B-DC148093E72E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF48426F-89A1-4219-ABCA-E6E44DEA22CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF48426F-89A1-4219-ABCA-E6E44DEA22CC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2C5899DB-3837-4D8C-879F-B2146BE5B165} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2C5899DB-3837-4D8C-879F-B2146BE5B165}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4714768-458E-4E29-9499-8416AD240800}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4714768-458E-4E29-9499-8416AD240800}" => Key deleted successfully.
C:\Windows\System32\Tasks\{65817472-C58A-4B7B-AC18-B7CB65038F47} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{65817472-C58A-4B7B-AC18-B7CB65038F47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0E8FBEB-4AD5-4363-9FBE-E6B548D4A1EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0E8FBEB-4AD5-4363-9FBE-E6B548D4A1EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D35874CC-F5A9-4B52-8C42-03F881AE39B2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D35874CC-F5A9-4B52-8C42-03F881AE39B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3DD4DCB-8114-42AC-8470-451525B808F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3DD4DCB-8114-42AC-8470-451525B808F0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{38009BCC-CDB3-4F39-AA17-AD56CF749B39} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{38009BCC-CDB3-4F39-AA17-AD56CF749B39}" => Key deleted successfully.
"HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Classes\.exe" => Key deleted successfully.
LiveUpdateSvc => Service deleted successfully.
iSafeKrnlBoot => Service not found.
sbapifs => Service deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\ProgramData\nvxasync => Moved successfully.
C:\Users\Marcinek\AppData\Roaming\fpacked.exe => Moved successfully.
C:\Users\Marcinek\AppData\Roaming\fportable => Moved successfully.
C:\Users\Marcinek\AppData\Roaming\nvxasync => Moved successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= type C:\Users\Marcinek\AppData\Roaming\Mozilla\Firefox\Profiles\d7zv33sz.default\searchplugins\starter.xml =========
SurfVox SurfVox UTF-8 data:image/x-icon;base64, http://surfvox.com
========= End of CMD: =========

EmptyTemp: => Removed 613.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====