Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01 Ran by Grzesiek at 2015-06-30 15:29:32 Run:1 Running from C:\Users\Grzegorz\Desktop Loaded Profiles: Grzesiek (Available Profiles: Grzesiek & Administrator) Boot Mode: Safe Mode (minimal) ============================================== fixlist content: ***************** R2 VSSS; C:\Users\Grzegorz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [106359424 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION S2 avgfws; "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" [X] S0 cm_km_w; system32\DRIVERS\cm_km_w.sys [X] S1 hzszkayk; \??\C:\WINDOWS\system32\drivers\hzszkayk.sys [X] S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X] S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X] S2 kldisk; \SystemRoot\system32\DRIVERS\kldisk.sys [X] S1 Klwtp; \SystemRoot\system32\DRIVERS\klwtp.sys [X] R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X] S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X] S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X] HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1195767892-898069442-3820156252-1002\...\Run: [AceWebException] => C:\Users\Grzegorz\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] () ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File HKU\S-1-5-21-1195767892-898069442-3820156252-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={B4B56E63-B3D8-4505-8723-348C611CD0B8}&mid=8f655335c45347cd9dc5314fa05b5230-6bed12d77deea99345a0cedb1c9141571f9fc80a&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-03-24 19:11:32&v=4.1.0.411&pid=wtu&sg=&sap=hp SearchScopes: HKU\S-1-5-21-1195767892-898069442-3820156252-1002 -> DefaultScope {04311CAB-6B0E-4E4E-BDCD-6283C1C0ADE0} URL = SearchScopes: HKU\S-1-5-21-1195767892-898069442-3820156252-1002 -> {04311CAB-6B0E-4E4E-BDCD-6283C1C0ADE0} URL = SearchScopes: HKU\S-1-5-21-1195767892-898069442-3820156252-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File FirewallRules: [TCP Query User{702FC1AA-C29F-4662-AEE9-76087FEF9DE7}C:\users\grzegorz\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\grzegorz\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{2DD5C466-6F65-40BC-8DEE-4B3D34132039}C:\users\grzegorz\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\grzegorz\appdata\roaming\acestream\engine\ace_engine.exe C:\Program Files\*.exe C:\Program Files (x86)\AVG C:\Program Files (x86)\Kaspersky Lab C:\Program Files\Common Files\AV C:\ProgramData\AVG2015 C:\ProgramData\MFAData C:\Users\Grzegorz\AppData\Local\MFAData C:\Users\Grzegorz\AppData\Roaming\.ACEStream C:\Users\Grzegorz\AppData\Roaming\ACEStream C:\Users\Grzegorz\AppData\Roaming\AceWebExtension C:\Users\Grzegorz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe C:\_acestream_cache_ DisableService: Internet Manager. RunOuc Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f EmptyTemp: ***************** VSSS => Service removed successfully avgfws => Service removed successfully cm_km_w => Service removed successfully hzszkayk => Service removed successfully intaud_WaveExtensible => Service removed successfully iwdbus => Service removed successfully kldisk => Service removed successfully Klwtp => Service removed successfully KProcessHacker2 => Service not found. usb3Hub => Service removed successfully XHCIPort => Service removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully HKU\S-1-5-21-1195767892-898069442-3820156252-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AceWebException => value removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found. HKU\S-1-5-21-1195767892-898069442-3820156252-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-1195767892-898069442-3820156252-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-1195767892-898069442-3820156252-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04311CAB-6B0E-4E4E-BDCD-6283C1C0ADE0}" => key removed successfully HKCR\CLSID\{04311CAB-6B0E-4E4E-BDCD-6283C1C0ADE0} => key not found. "HKU\S-1-5-21-1195767892-898069442-3820156252-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{702FC1AA-C29F-4662-AEE9-76087FEF9DE7}C:\users\grzegorz\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2DD5C466-6F65-40BC-8DEE-4B3D34132039}C:\users\grzegorz\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully C:\Program Files\*.exe => moved successfully. C:\Program Files (x86)\AVG => moved successfully. C:\Program Files (x86)\Kaspersky Lab => moved successfully. C:\Program Files\Common Files\AV => moved successfully. C:\ProgramData\AVG2015 => moved successfully. C:\ProgramData\MFAData => moved successfully. C:\Users\Grzegorz\AppData\Local\MFAData => moved successfully. C:\Users\Grzegorz\AppData\Roaming\.ACEStream => moved successfully. C:\Users\Grzegorz\AppData\Roaming\ACEStream => moved successfully. C:\Users\Grzegorz\AppData\Roaming\AceWebExtension => moved successfully. C:\Users\Grzegorz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully. C:\_acestream_cache_ => moved successfully. Internet Manager. RunOuc service was disabled ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => 382 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 15:29:39 ====