Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by Jarek at 2015-01-06 20:11:41 Run:1
Running from C:\Documents and Settings\Jarek\Pulpit\bbb
Loaded Profile: Jarek (Available profiles: Jarek)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
CloseProcesses:
(Microsoft Corporation) C:\Windows\explorer.exe
CreateRestorePoint:
DeleteJunctionsInDirectory: C:\WINDOWS\$NtUninstallKB34492$
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [Otsics] => C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Otsics\tmpD2.exe [145256 2014-10-24] ()
HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [Ektion] => regsvr32.exe "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Ektion\kbdcomex54.dll"
HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [YjPack] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Otsics\AcroIEHelperShim.DLL"
HKU\S-1-5-21-1417001333-746137067-839522115-1004\...\Run: [ChromeUpdate] => C:\Documents and Settings\Jarek\Dane aplikacji\FrameworkUpdate\ChromeUpdate.exe [233984 2014-11-26] (Company name goes here)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
BootExecute: autocheck autochk /k:C *
S2 SecurityCenterServer4196545509; "C:\WINDOWS\system32\deurge.exe" -service "C:\Documents and Settings\Jarek\Dane aplikacji\Aguhxyro\googy.exe"
S2 ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys [X]
U3 awdw3w0e; No ImagePath
S0 Chl27; No ImagePath
S3 ddxgb; \??\C:\DOCUME~1\Jarek\USTAWI~1\Temp\ddxgb.sys [X]
S0 Hmq51; No ImagePath
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 Video3D; No ImagePath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Chl27.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmq51.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Chl27.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hmq51.sys => ""="Driver"
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: HKU\S-1-5-21-1417001333-746137067-839522115-1004 - (No Name) - {bfc39e47-d643-4dc2-aa1d-61377501c844} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-746137067-839522115-1004_Classes\CLSID\{6835F21B-AD12-485C-A8FD-D7DF60C72A69}\InprocServer32 -> wbocx32.ocx No File
CustomCLSID: HKU\S-1-5-21-1417001333-746137067-839522115-1004_Classes\CLSID\{6AC91CBD-DB47-406A-AF60-90F8150FA5B8}\InprocServer32 -> wbocx32.ocx No File
FF Plugin: @videolan.org/vlc,version=0.8.6h -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\Documents and Settings\All Users\Dane aplikacji\Common Files
C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Secure
C:\Documents and Settings\All Users\Dane aplikacji\PPLive
C:\Documents and Settings\All Users\Dane aplikacji\SecuriSoft SARL
C:\Documents and Settings\Jarek\Dane aplikacji\*.exe
C:\Documents and Settings\Jarek\Dane aplikacji\.BitTornado
C:\Documents and Settings\Jarek\Dane aplikacji\addpcs
C:\Documents and Settings\Jarek\Dane aplikacji\Aguhxyro
C:\Documents and Settings\Jarek\Dane aplikacji\atube
C:\Documents and Settings\Jarek\Dane aplikacji\DAEMON Tools Lite
C:\Documents and Settings\Jarek\Dane aplikacji\DMCache
C:\Documents and Settings\Jarek\Dane aplikacji\FrameworkUpdate
C:\Documents and Settings\Jarek\Dane aplikacji\iliveto
C:\Documents and Settings\Jarek\Dane aplikacji\Moyea
C:\Documents and Settings\Jarek\Dane aplikacji\Opera Software
C:\Documents and Settings\Jarek\Dane aplikacji\PPLive
C:\Documents and Settings\Jarek\Dane aplikacji\Publish Providers
C:\Documents and Settings\Jarek\Dane aplikacji\Warez
C:\Documents and Settings\Jarek\Dane aplikacji\WebCompiler3
C:\Documents and Settings\Jarek\Dane aplikacji\Xi
C:\Documents and Settings\Jarek\Dane aplikacji\Ylgyas
C:\Documents and Settings\Jarek\Dane aplikacji\Yzwexupa
C:\Documents and Settings\Jarek\Pulpit\Icons\Programs\1\DAEMON Tools Pro.lnk
C:\Documents and Settings\Jarek\Pulpit\Icons\Programs\1\YASU.exe.lnk
C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\~wmrg
C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Google\Chrome
C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Ektion
C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Otsics
C:\Program Files\Mozilla Firefox\extensions
C:\Program Files\mozilla firefox\plugins
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\WINDOWS\system32\deurge.exe
C:\WINDOWS\system32\klogon.dll
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Bar" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Page" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v SearchMigratedDefaultName /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v SearchMigratedDefaultURL /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: netsh winsock reset
CMD: dir /a "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji"
CMD: dir /a C:\WINDOWS\$NtUninstallKB34492$
*****************

Processes closed successfully.
C:\Windows\explorer.exe => No running process found
Error: Restore point can only be created in normal mode.