Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 Ran by Cezary at 2015-01-14 16:10:35 Run:1 Running from C:\Users\Cezary\Downloads Loaded Profile: Cezary (Available profiles: Cezary) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: R1 {fe331f63-d0ef-486b-89da-478e619996a9}Gw64; C:\Windows\System32\drivers\{fe331f63-d0ef-486b-89da-478e619996a9}Gw64.sys [48784 2015-01-11] (StdLib) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-11] (Fuyu LIMITED) [File not signed] S2 Update ace race; "C:\Program Files (x86)\ace race\updateacerace.exe" [X] HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, HKU\S-1-5-21-2670501369-349292536-2203195984-1000\...\Run: [ASRockXTU] => [X] HKU\S-1-5-21-2670501369-349292536-2203195984-1000\...\Run: [zASRockInstantBoot] => [X] Task: {BAE81688-6D8C-4632-84D4-CFD2CDFCD7AB} - System32\Tasks\{3BBC28ED-7713-414E-AB1A-EDA1981220AB} => C:\Users\Cezary\Downloads\windows-xp-sp3-pl-9w1-ie8-wmp11-dx-net-final-full-kwiecien-2014-iso\Windows.XP.SP3.PL.9w1.IE8.WMP11.DX.NET.FINAL.FULL.Kwiecien.2014-NiKKA.iso\DODATKI\Jak.nagrac.instalator.XP.na.USB\WinSetupFromUSB-1-4\WinSetupFromUSB_1-4_x64.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420985861&from=cor&uid=WDCXWD5000AAKS-007AA0_WD-WCATR837981979819&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1420985861&from=cor&uid=WDCXWD5000AAKS-007AA0_WD-WCATR837981979819&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420985861&from=cor&uid=WDCXWD5000AAKS-007AA0_WD-WCATR837981979819&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1420985861&from=cor&uid=WDCXWD5000AAKS-007AA0_WD-WCATR837981979819&q={searchTerms} SearchScopes: HKU\S-1-5-21-2670501369-349292536-2203195984-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKU\S-1-5-21-2670501369-349292536-2203195984-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKU\S-1-5-21-2670501369-349292536-2203195984-1000 -> {6F34B546-7B9E-452e-9D55-736986ACC34B} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms} Toolbar: HKU\S-1-5-21-2670501369-349292536-2203195984-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1420985861&from=cor&uid=WDCXWD5000AAKS-007AA0_WD-WCATR837981979819" C:\Program Files (x86)\ace race C:\Program Files (x86)\Temp C:\ProgramData\Norton C:\ProgramData\TEMP C:\ProgramData\WindowsMangerProtect C:\Users\Cezary\AppData\Local\Symantec C:\Users\Cezary\AppData\Roaming\omiga-plus C:\Users\Cezary\AppData\Roaming\Solvusoft C:\Users\Cezary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Games.lnk C:\Users\Cezary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk C:\Windows\system32\roboot64.exe C:\Windows\System32\drivers\{fe331f63-d0ef-486b-89da-478e619996a9}Gw64.sys C:\Windows\SysWOW64\*.tmp EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. {fe331f63-d0ef-486b-89da-478e619996a9}Gw64 => Service stopped successfully. {fe331f63-d0ef-486b-89da-478e619996a9}Gw64 => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. Update ace race => Service deleted successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully. HKU\S-1-5-21-2670501369-349292536-2203195984-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value deleted successfully. HKU\S-1-5-21-2670501369-349292536-2203195984-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAE81688-6D8C-4632-84D4-CFD2CDFCD7AB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE81688-6D8C-4632-84D4-CFD2CDFCD7AB}" => Key deleted successfully. C:\Windows\System32\Tasks\{3BBC28ED-7713-414E-AB1A-EDA1981220AB} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BBC28ED-7713-414E-AB1A-EDA1981220AB}" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-2670501369-349292536-2203195984-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2670501369-349292536-2203195984-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-2670501369-349292536-2203195984-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F34B546-7B9E-452e-9D55-736986ACC34B}" => Key deleted successfully. HKCR\CLSID\{6F34B546-7B9E-452e-9D55-736986ACC34B} => Key not found. HKU\S-1-5-21-2670501369-349292536-2203195984-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. Chrome StartupUrls deleted successfully. C:\Program Files (x86)\ace race => Moved successfully. C:\Program Files (x86)\Temp => Moved successfully. C:\ProgramData\Norton => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\Cezary\AppData\Local\Symantec => Moved successfully. C:\Users\Cezary\AppData\Roaming\omiga-plus => Moved successfully. C:\Users\Cezary\AppData\Roaming\Solvusoft => Moved successfully. "C:\Users\Cezary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Games.lnk" => File/Directory not found. "C:\Users\Cezary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk" => File/Directory not found. C:\Windows\system32\roboot64.exe => Moved successfully. C:\Windows\System32\drivers\{fe331f63-d0ef-486b-89da-478e619996a9}Gw64.sys => Moved successfully. C:\Windows\SysWOW64\*.tmp => Moved successfully. EmptyTemp: => Removed 1 GB temporary data. The system needed a reboot. ==== End of Fixlog 16:11:08 ====