Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01 Ran by Dorota at 2015-01-29 14:16:47 Run:1 Running from C:\Users\Dorota\Downloads Loaded Profiles: Dorota & UpdatusUser (Available profiles: Dorota & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\...\Run: [Infor Organizer] => "C:\Program Files\Infor PL\Infor Organizer\Infor.Organizer.exe" HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-21-2475440314-2936318858-1982231046-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-22] Task: {3FC151C5-711D-46A0-B1B8-54160DDEF226} - System32\Tasks\{377BB847-8F2B-460C-AF7D-6A0B717EC9B7} => pcalua.exe -a F:\SETUP.EXE -d F:\ S3 catchme; \??\C:\Users\Dorota\AppData\Local\Temp\catchme.sys [X] C:\Windows\system32\Drivers\PROCEXP113.SYS RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\ProgramData\Kaspersky Lab RemoveDirectory: C:\Qoobox Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: ipconfig /flushdns EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Infor Organizer => value deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-21-2475440314-2936318858-1982231046-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-2475440314-2936318858-1982231046-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. "HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully. Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FC151C5-711D-46A0-B1B8-54160DDEF226}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FC151C5-711D-46A0-B1B8-54160DDEF226}" => Key deleted successfully. C:\Windows\System32\Tasks\{377BB847-8F2B-460C-AF7D-6A0B717EC9B7} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{377BB847-8F2B-460C-AF7D-6A0B717EC9B7}" => Key deleted successfully. catchme => Service deleted successfully. C:\Windows\system32\Drivers\PROCEXP113.SYS => Moved successfully. "C:\AdwCleaner" => Removed successfully. "C:\ProgramData\Kaspersky Lab" => Removed successfully. "C:\Qoobox" => Removed successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomy�lnie opr��niono pami�� podr�czn� programu rozpoznawania nazw DNS. ========= End of CMD: ========= EmptyTemp: => Removed 269.9 MB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-29 14:19:10)<= "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => File could not move. ==== End of Fixlog 14:19:11 ====