Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Serge_2 at 2015-03-22 17:05:28 Run:4
Running from C:\Users\Serge_2\Downloads
Loaded Profiles: Serge_2 (Available profiles: Serge_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 catchme; \??\C:\Users\Serge_2\AppData\Local\Temp\catchme.sys [X]
Task: {6C460D55-C1F3-4D04-A50B-9BBF50B9A558} - System32\Tasks\avastBCLRestartS-1-5-21-929553786-925988434-3115227362-1002 => Chrome.exe
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - No Path
CHR HKU\S-1-5-21-929553786-925988434-3115227362-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-929553786-925988434-3115227362-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141212
HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141212
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
C:\Program Files\MyPC Backup
C:\ProgramData\jcmvxcc.html
C:\ProgramData\LUUnInstall.LiveUpdate
C:\ProgramData\AVAST Software
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
C:\Users\Serge_2\AppData\Roaming\Dropbox
C:\Users\Serge_2\AppData\Roaming\TeamViewer
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
RemoveDirectory: C:\Qoobox
CMD: for /d %f in (C:\ProgramData\Microsoft\Windows\GameExplorer\{*}) do rd /s /q "%f"
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
EmptyTemp:
*****************

catchme => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C460D55-C1F3-4D04-A50B-9BBF50B9A558}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C460D55-C1F3-4D04-A50B-9BBF50B9A558}" => Key Deleted successfully.
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-929553786-925988434-3115227362-1002 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-929553786-925988434-3115227362-1002" => Key Deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => Key deleted successfully.
"HKU\S-1-5-21-929553786-925988434-3115227362-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-929553786-925988434-3115227362-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-929553786-925988434-3115227362-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key not found.
C:\Program Files\MyPC Backup => Moved successfully.
C:\ProgramData\jcmvxcc.html => Moved successfully.
C:\ProgramData\LUUnInstall.LiveUpdate => Moved successfully.
C:\ProgramData\AVAST Software => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games => Moved successfully.
C:\Users\Serge_2\AppData\Roaming\Dropbox => Moved successfully.
C:\Users\Serge_2\AppData\Roaming\TeamViewer => Moved successfully.
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.
"C:\Qoobox" => Removed successfully.

========= for /d %f in (C:\ProgramData\Microsoft\Windows\GameExplorer\{*}) do rd /s /q "%f" =========

========= End of CMD: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 116.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:05:43 ====