Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01 Ran by Szymon at 2015-07-01 10:37:44 Run:1 Running from C:\ Loaded Profiles: Szymon (Available Profiles: Szymon) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: CustomCLSID: HKU\S-1-5-21-1317218049-2942288360-2257388386-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\fwcfg.dll (poctifiCtarroronM oso) <==== ATTENTION Task: {54BE5004-1DA7-4FD4-99E2-363DBBABC2C4} - System32\Tasks\{28F4C1DB-2834-4EC2-8289-33C7943A0DE6} => W:\1602.exe Task: {5AD4BDD5-02BB-46A8-82FE-E6FB5AC174CD} - System32\Tasks\{9BF58081-F93F-4F9A-BC1F-C6AFE280B535} => W:\1602.exe Task: {5EFDBADC-D464-4D7B-8091-DB8891280AFC} - System32\Tasks\{9A96E561-ACAE-42FD-BBC4-99734C3C7975} => W:\Anno1602\1602.exe Task: {B189A341-0F0A-4CF0-8054-5F998D5A36EF} - System32\Tasks\{30A68905-9A1C-4B27-983E-1A0902CA1732} => W:\Anno1602\1602.exe Task: {C475D94A-7339-42DB-9B35-F4766BA51E1E} - System32\Tasks\{06433C43-285A-4140-82FC-379A7EB9E902} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.102&LastError=12007 Task: {F92974D0-39AC-4A85-BFC8-EC1985714FB5} - System32\Tasks\{E756FDA0-6644-414D-9AA0-41A3D111D567} => D:\Gry\Gauntlet\binaries\gauntlet.exe HKLM\...\Run: [NetWorx] => "C:\Program Files\NetWorx\networx.exe" /auto HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\...\Run: [ASRockXTU] => [X] HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\...\RunOnce: [Adobe Speed Launcher] => 1435689862 HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\...\Policies\Explorer: [] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} C:\Users\Szymon\AppData\Roaming\480D35BE C:\Users\Szymon\Downloads\Niepotwierdzony*.crdownload Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: netsh advfirewall reset EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKU\S-1-5-21-1317218049-2942288360-2257388386-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54BE5004-1DA7-4FD4-99E2-363DBBABC2C4}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54BE5004-1DA7-4FD4-99E2-363DBBABC2C4}" => key removed successfully C:\Windows\System32\Tasks\{28F4C1DB-2834-4EC2-8289-33C7943A0DE6} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28F4C1DB-2834-4EC2-8289-33C7943A0DE6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AD4BDD5-02BB-46A8-82FE-E6FB5AC174CD}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AD4BDD5-02BB-46A8-82FE-E6FB5AC174CD}" => key removed successfully C:\Windows\System32\Tasks\{9BF58081-F93F-4F9A-BC1F-C6AFE280B535} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9BF58081-F93F-4F9A-BC1F-C6AFE280B535}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EFDBADC-D464-4D7B-8091-DB8891280AFC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EFDBADC-D464-4D7B-8091-DB8891280AFC}" => key removed successfully C:\Windows\System32\Tasks\{9A96E561-ACAE-42FD-BBC4-99734C3C7975} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A96E561-ACAE-42FD-BBC4-99734C3C7975}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B189A341-0F0A-4CF0-8054-5F998D5A36EF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B189A341-0F0A-4CF0-8054-5F998D5A36EF}" => key removed successfully C:\Windows\System32\Tasks\{30A68905-9A1C-4B27-983E-1A0902CA1732} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30A68905-9A1C-4B27-983E-1A0902CA1732}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C475D94A-7339-42DB-9B35-F4766BA51E1E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C475D94A-7339-42DB-9B35-F4766BA51E1E}" => key removed successfully C:\Windows\System32\Tasks\{06433C43-285A-4140-82FC-379A7EB9E902} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06433C43-285A-4140-82FC-379A7EB9E902}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F92974D0-39AC-4A85-BFC8-EC1985714FB5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F92974D0-39AC-4A85-BFC8-EC1985714FB5}" => key removed successfully C:\Windows\System32\Tasks\{E756FDA0-6644-414D-9AA0-41A3D111D567} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E756FDA0-6644-414D-9AA0-41A3D111D567}" => key removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NetWorx => value removed successfully HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value removed successfully HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value removed successfully HKU\S-1-5-21-1317218049-2942288360-2257388386-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully EagleX64 => Service removed successfully "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder move: Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder => Scheduled to move on reboot. C:\Users\Szymon\AppData\Roaming\480D35BE => moved successfully. "C:\Users\Szymon\Downloads\Niepotwierdzony*.crdownload" => File/Folder not found. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => 3.6 GB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-01 10:42:39)<= C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully ==== End of Fixlog 10:42:39 ====