Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02 Ran by Marcinek at 2015-01-14 16:54:34 Run:1 Running from H:\x Loaded Profile: Marcinek (Available profiles: Marcinek) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** CloseProcesses: HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2106215166-627046832-3064983697-1001\...\Run: [nvxasync] => C:\Users\Marcinek\AppData\Roaming\nvxasync\nvxasync.exe [142679040 2015-01-13] () HKU\S-1-5-21-2106215166-627046832-3064983697-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-01-13] () <==== ATTENTION HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/ SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1 SearchScopes: HKU\S-1-5-21-2106215166-627046832-3064983697-1001 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1 Task: {302F5EA3-1B20-446E-B433-8C2B4CDE2257} - System32\Tasks\{DBDD05BB-8B6B-480C-94E6-9E36F5085CA4} => pcalua.exe -a C:\Windows\unvise32.exe -d C:\Windows -c C:\PROGRA~2\TRAPCO~1.LOG C:\END C:\ProgramData\nvxasync C:\ProgramData\RWBYTE C:\Users\Marcinek\AppData\Roaming\fpacked.exe C:\Users\Marcinek\AppData\Roaming\fportable C:\Users\Marcinek\AppData\Roaming\nvxasync C:\Users\Marcinek\AppData\Roaming\mozilla\firefox\profiles\d7zv33sz.default C:\Users\Marcinek\AppData\Local\Google\Chrome\User Data\Default\Preferences Folder: C:\Users\Marcinek\Documents\Diablo III Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f EmptyTemp: ***************** Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Windows\CurrentVersion\Run\\nvxasync => value deleted successfully. HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. HKU\S-1-5-21-2106215166-627046832-3064983697-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2106215166-627046832-3064983697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{828B376B-F2F6-4778-928C-E29EC877535E}" => Key deleted successfully. HKCR\CLSID\{828B376B-F2F6-4778-928C-E29EC877535E} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{302F5EA3-1B20-446E-B433-8C2B4CDE2257}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{302F5EA3-1B20-446E-B433-8C2B4CDE2257}" => Key deleted successfully. C:\Windows\System32\Tasks\{DBDD05BB-8B6B-480C-94E6-9E36F5085CA4} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DBDD05BB-8B6B-480C-94E6-9E36F5085CA4}" => Key deleted successfully. C:\END => Moved successfully. C:\ProgramData\nvxasync => Moved successfully. C:\ProgramData\RWBYTE => Moved successfully. C:\Users\Marcinek\AppData\Roaming\fpacked.exe => Moved successfully. C:\Users\Marcinek\AppData\Roaming\fportable => Moved successfully. C:\Users\Marcinek\AppData\Roaming\nvxasync => Moved successfully. C:\Users\Marcinek\AppData\Roaming\mozilla\firefox\profiles\d7zv33sz.default => Moved successfully. C:\Users\Marcinek\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. ========================= Folder: C:\Users\Marcinek\Documents\Diablo III ======================== 2015-01-08 18:03 - 2015-01-13 17:49 - 0001317 _____ () C:\Users\Marcinek\Documents\Diablo III\D3Prefs.txt ====== End of Folder: ====== ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 13.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 16:56:23 ====