Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by radoslawt at 2014-12-19 13:19:42 Run:1
Running from C:\Users\RadoslawT.ELKAR\Desktop\Pobrane
Loaded Profile: radoslawt (Available profiles: tomaszw & radoslawt & krzysztofs & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2636827988-668989614-3064574600-1115\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.4.0.13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.4.0.13
BHO-x32: NORTON Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\NORTON 360\Engine\21.6.0.32\coIEPlg.dll No File
BHO-x32: NORTON Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\NORTON 360\Engine\21.6.0.32\IPS\IPSBHO.DLL No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Classes\exefile: <===== ATTENTION!
Task: {5784827B-7C33-4D14-B5DB-9F5F630B685B} - System32\Tasks\{80899BCE-E5E4-405F-8D28-F9E2D95F2E6E} => pcalua.exe -a C:\Users\RadoslawT.ELKAR\DOWNLOADS\RegCleaner4.3.0.780_www.INSTALKI.pl.exe -d C:\Users\RadoslawT.ELKAR\DOWNLOADS
Task: {9B51166A-906C-4CFE-A300-3DC6C40D21C4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2636827988-668989614-3064574600-1115Core => C:\Users\RadoslawT.ELKAR\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9DD9063C-5646-4434-8EBB-8A6FB1700764} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2636827988-668989614-3064574600-1115UA => C:\Users\RadoslawT.ELKAR\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B326C34B-08BC-4C58-B568-4B5274AD3A2A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Task: {B9EAB8D4-D522-4EB0-9279-FCA379BA841E} - System32\Tasks\bench-S-1-5-21-2636827988-668989614-3064574600-1115 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Users\krzysztofs\Desktop\RegCleaner.lnk
C:\Users\RadoslawT\Desktop\RegCleaner.lnk
C:\Users\RadoslawT.ELKAR\Downloads\SpyHunter-Installer.exe
C:\Windows\system32\Drivers\kgpcpy.cfg
C:\Windows\system32\log
C:\Windows\System32\Tasks\Safer-Networking
Hosts:
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2636827988-668989614-3064574600-1115\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Error deleting key. The key could be protected.
"HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => Error deleting key. The key could be protected.
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-2636827988-668989614-3064574600-1115\Software\Classes\exefile" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5784827B-7C33-4D14-B5DB-9F5F630B685B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5784827B-7C33-4D14-B5DB-9F5F630B685B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{80899BCE-E5E4-405F-8D28-F9E2D95F2E6E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{80899BCE-E5E4-405F-8D28-F9E2D95F2E6E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B51166A-906C-4CFE-A300-3DC6C40D21C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B51166A-906C-4CFE-A300-3DC6C40D21C4}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2636827988-668989614-3064574600-1115Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2636827988-668989614-3064574600-1115Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DD9063C-5646-4434-8EBB-8A6FB1700764}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DD9063C-5646-4434-8EBB-8A6FB1700764}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2636827988-668989614-3064574600-1115UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2636827988-668989614-3064574600-1115UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B326C34B-08BC-4C58-B568-4B5274AD3A2A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B326C34B-08BC-4C58-B568-4B5274AD3A2A}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9EAB8D4-D522-4EB0-9279-FCA379BA841E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9EAB8D4-D522-4EB0-9279-FCA379BA841E}" => Key deleted successfully.
C:\Windows\System32\Tasks\bench-S-1-5-21-2636827988-668989614-3064574600-1115 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-2636827988-668989614-3064574600-1115" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} => The item is protected. Make sure the software is uninstalled and its services is removed.
gdrv => Service deleted successfully.
gfiark => Service deleted successfully.
sbapifs => Service deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Users\krzysztofs\Desktop\RegCleaner.lnk => Moved successfully.
C:\Users\RadoslawT\Desktop\RegCleaner.lnk => Moved successfully.
C:\Users\RadoslawT.ELKAR\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Windows\system32\Drivers\kgpcpy.cfg => Moved successfully.
C:\Windows\system32\log => Moved successfully.
C:\Windows\System32\Tasks\Safer-Networking => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking => Key Deleted Successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 97.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====