Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01 Ran by ppp at 2014-12-17 11:43:10 Run:1 Running from C:\Users\ppp\Desktop\Fixitpc-pl Bang64 SpringgSpringg Loaded Profile: ppp (Available profiles: ppp) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: S2 Update Rock Turner; "C:\Program Files (x86)\Rock Turner\updateRockTurner.exe" [X] S2 Util Rock Turner; "C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe" [X] Task: {29DC6E06-25D0-48F0-8695-6733BD119C44} - System32\Tasks\{AA4DAA84-33A1-48C9-8139-C0621FFCE833} => pcalua.exe -a D:\SETUP.EXE -d D:\ Task: {2FC00511-8220-438F-B988-1B555D3EEA5B} - System32\Tasks\{478F8840-7ED6-4F0A-95C0-EFB0AC6460E2} => C:\Users\ppp\Downloads\N360-TW-21.0.0-EN(1).exe Task: {46F11A4F-F52E-4AD4-BEFF-2E738EE0DEEF} - \RegClean Pro_UPDATES No Task File <==== ATTENTION Task: {60F456E1-4E9A-4244-A414-322A3F460942} - System32\Tasks\{2621CA98-AFCA-40AE-9113-B59D6884337D} => C:\Users\ppp\Downloads\N360-TW-21.0.0-EN(1).exe Task: {6858C71A-3E57-481B-AEEC-C74BB499B7EF} - System32\Tasks\{7DAB3B29-D5AC-4899-9721-340D67FE36DD} => C:\Users\ppp\Downloads\Google_Drive_Sciagnij.pl.exe [2014-05-22] () Task: {6BE5F5C9-3160-4979-A57F-256F80ACC16C} - System32\Tasks\{A27E26E5-354B-4B5B-9CE9-B26116747095} => pcalua.exe -a C:\Users\ppp\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor Task: {6C8DAA59-211D-4FED-BB44-247FDD8674CD} - System32\Tasks\{1CAF65B0-53D8-4CBF-9476-D2B256787B7E} => C:\Users\ppp\Downloads\N360-TW-21.0.0-EN(1).exe Task: {6FD379EA-4D23-4C1D-B7C2-0EE2FA14C892} - System32\Tasks\{B6D01BC9-ABE7-4FE9-914A-E4A797B08F34} => C:\Users\ppp\Desktop\Nowy folder\SETUP.EXE Task: {9D111092-63F4-49FF-B920-F4DF89FE719A} - System32\Tasks\{B07DEC2F-E2A7-4089-AFCD-8D765604AD8C} => pcalua.exe -a H:\SETUP.EXE -d H:\ Task: {A7647A57-EDA4-446C-AA69-3793E2E6612C} - System32\Tasks\RegClean Prosch => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: {C22D51CE-BCCA-4791-BE0E-CFE2A53E7A13} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION Task: C:\Windows\Tasks\RegClean Prosch.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1417511556&from=cor&uid=ST1000DL002-9TT153_W1V0XXAAXXXXW1V0XXAA" CHR HKU\S-1-5-21-3130494160-1199666095-3665619860-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-3130494160-1199666095-3665619860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=n360&pvid=21.5.0.19 SearchScopes: HKLM-x32 -> DefaultScope value is missing. ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan C:\Program Files (x86)\AskPartnerNetwork C:\Users\ppp\AppData\Local\AskPartnerNetwork C:\Users\ppp\AppData\Roaming\ESET C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva C:\Users\ppp\AppData\Roaming\Opera Software C:\Users\ppp\AppData\Roaming\RHEng C:\Users\ppp\AppData\Roaming\rmi C:\Users\ppp\AppData\Roaming\WebTest C:\Users\ppp\Desktop\Programy\avast! Free Antivirus.lnk C:\Users\ppp\Desktop\Programy\Norton 360.lnk C:\Users\ppp\Desktop\Programy\RegClean Pro.lnk C:\Users\ppp\Desktop\Programy\SpeedFan.lnk C:\Users\ppp\Downloads\Google_Drive_Sciagnij.pl.exe Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Update Rock Turner => Service deleted successfully. Util Rock Turner => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29DC6E06-25D0-48F0-8695-6733BD119C44}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29DC6E06-25D0-48F0-8695-6733BD119C44}" => Key deleted successfully. C:\Windows\System32\Tasks\{AA4DAA84-33A1-48C9-8139-C0621FFCE833} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA4DAA84-33A1-48C9-8139-C0621FFCE833}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FC00511-8220-438F-B988-1B555D3EEA5B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FC00511-8220-438F-B988-1B555D3EEA5B}" => Key deleted successfully. C:\Windows\System32\Tasks\{478F8840-7ED6-4F0A-95C0-EFB0AC6460E2} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{478F8840-7ED6-4F0A-95C0-EFB0AC6460E2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46F11A4F-F52E-4AD4-BEFF-2E738EE0DEEF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46F11A4F-F52E-4AD4-BEFF-2E738EE0DEEF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F456E1-4E9A-4244-A414-322A3F460942}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F456E1-4E9A-4244-A414-322A3F460942}" => Key deleted successfully. C:\Windows\System32\Tasks\{2621CA98-AFCA-40AE-9113-B59D6884337D} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2621CA98-AFCA-40AE-9113-B59D6884337D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6858C71A-3E57-481B-AEEC-C74BB499B7EF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6858C71A-3E57-481B-AEEC-C74BB499B7EF}" => Key deleted successfully. C:\Windows\System32\Tasks\{7DAB3B29-D5AC-4899-9721-340D67FE36DD} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DAB3B29-D5AC-4899-9721-340D67FE36DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BE5F5C9-3160-4979-A57F-256F80ACC16C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BE5F5C9-3160-4979-A57F-256F80ACC16C}" => Key deleted successfully. C:\Windows\System32\Tasks\{A27E26E5-354B-4B5B-9CE9-B26116747095} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A27E26E5-354B-4B5B-9CE9-B26116747095}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C8DAA59-211D-4FED-BB44-247FDD8674CD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C8DAA59-211D-4FED-BB44-247FDD8674CD}" => Key deleted successfully. C:\Windows\System32\Tasks\{1CAF65B0-53D8-4CBF-9476-D2B256787B7E} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CAF65B0-53D8-4CBF-9476-D2B256787B7E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FD379EA-4D23-4C1D-B7C2-0EE2FA14C892}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FD379EA-4D23-4C1D-B7C2-0EE2FA14C892}" => Key deleted successfully. C:\Windows\System32\Tasks\{B6D01BC9-ABE7-4FE9-914A-E4A797B08F34} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B6D01BC9-ABE7-4FE9-914A-E4A797B08F34}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D111092-63F4-49FF-B920-F4DF89FE719A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D111092-63F4-49FF-B920-F4DF89FE719A}" => Key deleted successfully. C:\Windows\System32\Tasks\{B07DEC2F-E2A7-4089-AFCD-8D765604AD8C} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B07DEC2F-E2A7-4089-AFCD-8D765604AD8C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7647A57-EDA4-446C-AA69-3793E2E6612C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7647A57-EDA4-446C-AA69-3793E2E6612C}" => Key deleted successfully. C:\Windows\System32\Tasks\RegClean Prosch => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Prosch" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C22D51CE-BCCA-4791-BE0E-CFE2A53E7A13}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22D51CE-BCCA-4791-BE0E-CFE2A53E7A13}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => Key deleted successfully. C:\Windows\Tasks\RegClean Prosch.job => Moved successfully. Chrome StartupUrls deleted successfully. "HKU\S-1-5-21-3130494160-1199666095-3665619860-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-3130494160-1199666095-3665619860-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan => Moved successfully. "C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found. "C:\Users\ppp\AppData\Local\AskPartnerNetwork" => File/Directory not found. C:\Users\ppp\AppData\Roaming\ESET => Moved successfully. C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin => Moved successfully. C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recuva => Moved successfully. C:\Users\ppp\AppData\Roaming\Opera Software => Moved successfully. C:\Users\ppp\AppData\Roaming\RHEng => Moved successfully. C:\Users\ppp\AppData\Roaming\rmi => Moved successfully. C:\Users\ppp\AppData\Roaming\WebTest => Moved successfully. C:\Users\ppp\Desktop\Programy\avast! Free Antivirus.lnk => Moved successfully. C:\Users\ppp\Desktop\Programy\Norton 360.lnk => Moved successfully. C:\Users\ppp\Desktop\Programy\RegClean Pro.lnk => Moved successfully. C:\Users\ppp\Desktop\Programy\SpeedFan.lnk => Moved successfully. C:\Users\ppp\Downloads\Google_Drive_Sciagnij.pl.exe => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 813.1 MB temporary data. The system needed a reboot. ==== End of Fixlog ====