Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015 Ran by Kamil at 2015-01-08 22:47:37 Run:1 Running from C:\Users\Kamil\Desktop Loaded Profile: Kamil (Available profiles: Kamil) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\RunOnce: [Chrome] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Chrome.VBE" <===== ATTENTION HKU\S-1-5-21-3957041923-2222250137-705892869-1000\...\RunOnce: [Chrome] => wscript.exe //B "C:\Users\Kamil\AppData\Local\Temp\Chrome.VBE" <===== ATTENTION Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome.VBE () Toolbar: HKU\S-1-5-21-3957041923-2222250137-705892869-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File S3 cleanhlp; \??\C:\Program Files\Ashampoo\Ashampoo Anti-Virus\cleanhlp64.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" Task: {1A1E5C66-2CA5-4102-A7F4-2E26DB453DBB} - System32\Tasks\e-pity2013_styczen => F:\Saved Games\e-pity2013\Assets\signxml.exe Task: {239A77A4-25EC-4C7A-9F1E-020F71467B6B} - System32\Tasks\e-pity2013_kwiecien => F:\Saved Games\e-pity2013\Assets\signxml.exe Task: {A65A23A3-6FCB-4D7D-BD06-7347EF48789D} - System32\Tasks\{481F9C9E-8C8D-4143-8600-F4C7AEF09CA3} => pcalua.exe -a "C:\Users\Kamil\Desktop\Riva Tuner\RivaTuner224.exe" -d "C:\Users\Kamil\Desktop\Riva Tuner" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aktywator C:\Program Files (x86)\mozilla firefox C:\Users\Kamil\AppData\Roaming\mozilla C:\Windows\system32\Drivers\26ED58AC.sys Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Chrome => value deleted successfully. HKU\S-1-5-21-3957041923-2222250137-705892869-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Chrome => value deleted successfully. C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome.VBE => Moved successfully. HKU\S-1-5-21-3957041923-2222250137-705892869-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. cleanhlp => Service deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A1E5C66-2CA5-4102-A7F4-2E26DB453DBB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A1E5C66-2CA5-4102-A7F4-2E26DB453DBB}" => Key deleted successfully. C:\Windows\System32\Tasks\e-pity2013_styczen => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2013_styczen" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{239A77A4-25EC-4C7A-9F1E-020F71467B6B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{239A77A4-25EC-4C7A-9F1E-020F71467B6B}" => Key deleted successfully. C:\Windows\System32\Tasks\e-pity2013_kwiecien => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2013_kwiecien" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A65A23A3-6FCB-4D7D-BD06-7347EF48789D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A65A23A3-6FCB-4D7D-BD06-7347EF48789D}" => Key deleted successfully. C:\Windows\System32\Tasks\{481F9C9E-8C8D-4143-8600-F4C7AEF09CA3} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{481F9C9E-8C8D-4143-8600-F4C7AEF09CA3}" => Key deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aktywator => Moved successfully. C:\Program Files (x86)\mozilla firefox => Moved successfully. C:\Users\Kamil\AppData\Roaming\mozilla => Moved successfully. C:\Windows\system32\Drivers\26ED58AC.sys => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 510.6 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:48:17 ====