Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015 01
Ran by Krystian at 2015-02-01 00:52:42 Run:1
Running from C:\Users\Krystian\Downloads\Programs
Loaded Profiles: Krystian (Available profiles: Krystian & KR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 GEDaPsL; C:\ProgramData\YbbayXorNC\GEDaPsL.exe [2726256 2014-12-28] (Acute Angle Solutions Ltd)
R2 WHService; C:\Users\Krystian\AppData\Roaming\WHService\wh.exe [628736 2014-10-15] () [File not signed]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
HKU\S-1-5-21-622784062-384319640-2803719364-1009\...\Run: [SoftonicAssistant] => "C:\Users\Krystian\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
Task: {44448D2D-7228-41F3-8240-9F246936AF31} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
GroupPolicyUsers\S-1-5-21-622784062-384319640-2803719364-1010\User: Group Policy restriction detected <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59406;https=127.0.0.1:59406
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Krystian\AppData\LocalLow\IE-BHO\bho.dll No File
C:\ProgramData\YbbayXorNC
C:\Users\KR\AppData\Local\SafeWeb
C:\Users\Krystian\setup.exe
C:\Users\Krystian\AppData\Local\SafeWeb
C:\Users\Krystian\AppData\Roaming\WHService
C:\Users\Krystian\Downloads\*(*)-dp*.exe
C:\Users\Krystian\Downloads\*paweldrivers.com.exe
C:\Users\Krystian\Downloads\SoftonicDownloader_*.exe
C:\Users\Krystian\Downloads\veetle-0.9.19.exe
Reg: reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f
Reg: reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f
Reg: reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f
Reg: reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f
Reg: reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1010\Software\Softonic /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
GEDaPsL => Service deleted successfully.
WHService => Service deleted successfully.
AODDriver4.2.0 => Service deleted successfully.
HKU\S-1-5-21-622784062-384319640-2803719364-1009\Software\Microsoft\Windows\CurrentVersion\Run\\SoftonicAssistant => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44448D2D-7228-41F3-8240-9F246936AF31}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44448D2D-7228-41F3-8240-9F246936AF31}" => Key deleted successfully.
C:\Windows\System32\Tasks\iolo System Checkup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo System Checkup" => Key deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-622784062-384319640-2803719364-1010\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0025320D-4D37-4C73-9A5C-0C28F04068A3}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0025320D-4D37-4C73-9A5C-0C28F04068A3}" => Key deleted successfully.
C:\ProgramData\YbbayXorNC => Moved successfully.
C:\Users\KR\AppData\Local\SafeWeb => Moved successfully.
C:\Users\Krystian\setup.exe => Moved successfully.
C:\Users\Krystian\AppData\Local\SafeWeb => Moved successfully.
C:\Users\Krystian\AppData\Roaming\WHService => Moved successfully.
C:\Users\Krystian\Downloads\*(*)-dp*.exe => Moved successfully.
C:\Users\Krystian\Downloads\*paweldrivers.com.exe => Moved successfully.
C:\Users\Krystian\Downloads\SoftonicDownloader_*.exe => Moved successfully.
C:\Users\Krystian\Downloads\veetle-0.9.19.exe => Moved successfully.

========= reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0025320D-4D37-4C73-9A5C-0C28F04068A3} /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete HKU\S-1-5-21-622784062-384319640-2803719364-1010\Software\Softonic /f =========
BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 00:56:20 ====