Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014 Ran by Miłosz at 2014-12-19 10:07:52 Run:1 Running from C:\Users\Miłosz\Desktop Loaded Profile: Miłosz (Available profiles: Miłosz) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R2 MaintainerSvc2.65.3980626; C:\ProgramData\ee70f246-63a3-464e-a2ed-28bc4d8db631\maintainer.exe [123624 2014-11-26] () S3 MSICDSetup; \??\F:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X] Task: {2F436339-EDBA-4B22-8EC3-57CD6D65DE88} - System32\Tasks\{2D04FA16-46D5-4325-A3EA-3B30F6BE855B} => pcalua.exe -a C:\Users\Miłosz\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor Task: {BFBE0887-64DA-4E32-9C90-FC81B7DAA8C1} - System32\Tasks\{D675D939-629F-41CC-A0DF-5B1C75D6B7FE} => C:\Users\Miłosz\Downloads\TeamSpeak3-Client-win32-3.0.16.exe [2014-09-12] (TeamSpeak Systems GmbH) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141126 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141126 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-1962678950-3458560985-80314582-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141126 C:\Program Files (x86)\257B0FD8-FEAC-4AA7-B6EC-09434303D699 C:\Program Files (x86)\rec_pl_1 C:\ProgramData\ee70f246-63a3-464e-a2ed-28bc4d8db631 C:\Users\Miłosz\AppData\Local\rec_pl_1 C:\Users\Miłosz\Downloads\*(*)-dp*.exe C:\Users\Miłosz\Downloads\*.exe.opdownload C:\Users\Miłosz\Downloads\*.rar.exe C:\Users\Miłosz\Downloads\yet_another_cleaner_cdls.exe Reg: reg import C:\Users\Miłosz\Desktop\FIX.REG Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. MaintainerSvc2.65.3980626 => Service deleted successfully. MSICDSetup => Service deleted successfully. NTIOLib_1_0_C => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F436339-EDBA-4B22-8EC3-57CD6D65DE88}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F436339-EDBA-4B22-8EC3-57CD6D65DE88}" => Key deleted successfully. C:\Windows\System32\Tasks\{2D04FA16-46D5-4325-A3EA-3B30F6BE855B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D04FA16-46D5-4325-A3EA-3B30F6BE855B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFBE0887-64DA-4E32-9C90-FC81B7DAA8C1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFBE0887-64DA-4E32-9C90-FC81B7DAA8C1}" => Key deleted successfully. C:\Windows\System32\Tasks\{D675D939-629F-41CC-A0DF-5B1C75D6B7FE} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D675D939-629F-41CC-A0DF-5B1C75D6B7FE}" => Key deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1962678950-3458560985-80314582-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. C:\Program Files (x86)\257B0FD8-FEAC-4AA7-B6EC-09434303D699 => Moved successfully. C:\Program Files (x86)\rec_pl_1 => Moved successfully. C:\ProgramData\ee70f246-63a3-464e-a2ed-28bc4d8db631 => Moved successfully. C:\Users\Miłosz\AppData\Local\rec_pl_1 => Moved successfully. C:\Users\Miłosz\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\Miłosz\Downloads\*.exe.opdownload => Moved successfully. C:\Users\Miłosz\Downloads\*.rar.exe => Moved successfully. C:\Users\Miłosz\Downloads\yet_another_cleaner_cdls.exe => Moved successfully. ========= reg import C:\Users\Miłosz\Desktop\FIX.REG ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 552.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====