Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by Tosh at 2015-02-13 17:05:27 Run:1
Running from C:\Users\Tosh\Desktop
Loaded Profiles: Tosh (Available profiles: Tosh)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tosh\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\...\Run: [Cheapster] => C:\Program Files (x86)\Cheapster\msilnk.exe [288768 2014-12-30] (Koyote-Lab inc)
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\...\Run: [Cheapsterx64] => C:\Program Files (x86)\Cheapster\msilnk64.exe [318464 2014-12-30] (Koyote-Lab inc)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=INSTALLER&utm_campaign=instalki
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=INSTALLER&utm_campaign=instalki
BHO: youtubeadblocker -> {d838d291-96cb-4c0b-8152-56c3253d894b} -> C:\Program Files (x86)\youtubeadblocker\28QVig5ceOZDUN.x64.dll No File
BHO: UniDeals -> {f99895ed-7516-4e42-b864-f1eacd9ff490} -> C:\Program Files (x86)\UniDeals\OE3a3z3rUDPdE5.x64.dll ()
FF Extension: UnniDealis e - C:\Users\Tosh\AppData\Roaming\Mozilla\Firefox\Profiles\n3k0pbn3.default\Extensions\dtBU@N.org [2015-02-13]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\ProgramData\glbpjnkkijfhchhljephpmejkjpdcieo
C:\ProgramData\{4883590b-79a5-b638-4883-3590b79a642d}
C:\Users\Tosh\DOWNLOADS\Memory-Booster(20576)-dp.exe
C:\Users\Tosh\AppData\Roaming\AVG
C:\Users\Tosh\AppData\Local\Avg
C:\ProgramData\AVG
C:\Users\Tosh\AppData\Local\Akamai
C:\Program Files (x86)\Temp
Task: {3745A4D8-F3A5-4A43-B00D-91F682BC157C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {49CE13EA-4E80-44F4-B902-E8B48BF126F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {594A36E2-A7E4-429C-B47B-0B335FB917BC} - System32\Tasks\{BE957643-3AD2-4994-A5BB-40653EA3A142} => pcalua.exe -a C:\Users\Tosh\DOWNLOADS\MinecraftZyczu.exe -d C:\Users\Tosh\DOWNLOADS
Task: {9EBAF886-12C7-4226-AF49-613FB13E74F6} - System32\Tasks\{22846974-D675-4AFA-8268-6BE0B9922EBE} => pcalua.exe -a C:\Users\Tosh\Desktop\MinecraftZyczu.exe -d C:\Users\Tosh\Desktop
Task: {BE991E3B-459C-4ABA-AFF8-B5544E085628} - System32\Tasks\{CB2C0DA3-877C-4E96-B65F-703F0C964578} => C:\Users\Tosh\Desktop\serwer minecraft\minecraft_server.1.8.1.exe [2015-02-05] ()
Task: {CBB7088C-DCA5-4618-B3BD-48E968ACC0EC} - System32\Tasks\{F72C0213-EA90-4B9F-A9BC-E88C8A51EDD8} => pcalua.exe -a C:\Users\Tosh\DOWNLOADS\0001-32bit_Win7_Win8_Win81_R275.exe -d C:\Users\Tosh\Downloads
Task: {E14E68D7-6E46-4C7B-9815-C87A1263AF9F} - System32\Tasks\Game_Booster_AutoUpdate => D:\Game Booster 3\AutoUpdate.exe [2015-01-26] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => value deleted successfully.
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Cheapster => value deleted successfully.
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Cheapsterx64 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-4018006286-1764844135-730770700-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d838d291-96cb-4c0b-8152-56c3253d894b}" => Key deleted successfully.
"HKCR\CLSID\{d838d291-96cb-4c0b-8152-56c3253d894b}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f99895ed-7516-4e42-b864-f1eacd9ff490}" => Key deleted successfully.
"HKCR\CLSID\{f99895ed-7516-4e42-b864-f1eacd9ff490}" => Key deleted successfully.
C:\Users\Tosh\AppData\Roaming\Mozilla\Firefox\Profiles\n3k0pbn3.default\Extensions\dtBU@N.org => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
EagleX64 => Service deleted successfully.
VGPU => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\ProgramData\glbpjnkkijfhchhljephpmejkjpdcieo => Moved successfully.
C:\ProgramData\{4883590b-79a5-b638-4883-3590b79a642d} => Moved successfully.
C:\Users\Tosh\DOWNLOADS\Memory-Booster(20576)-dp.exe => Moved successfully.
C:\Users\Tosh\AppData\Roaming\AVG => Moved successfully.
C:\Users\Tosh\AppData\Local\Avg => Moved successfully.
C:\ProgramData\AVG => Moved successfully.
C:\Users\Tosh\AppData\Local\Akamai => Moved successfully.
C:\Program Files (x86)\Temp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3745A4D8-F3A5-4A43-B00D-91F682BC157C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3745A4D8-F3A5-4A43-B00D-91F682BC157C}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49CE13EA-4E80-44F4-B902-E8B48BF126F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49CE13EA-4E80-44F4-B902-E8B48BF126F2}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{594A36E2-A7E4-429C-B47B-0B335FB917BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{594A36E2-A7E4-429C-B47B-0B335FB917BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BE957643-3AD2-4994-A5BB-40653EA3A142} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BE957643-3AD2-4994-A5BB-40653EA3A142}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EBAF886-12C7-4226-AF49-613FB13E74F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EBAF886-12C7-4226-AF49-613FB13E74F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{22846974-D675-4AFA-8268-6BE0B9922EBE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22846974-D675-4AFA-8268-6BE0B9922EBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE991E3B-459C-4ABA-AFF8-B5544E085628}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE991E3B-459C-4ABA-AFF8-B5544E085628}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CB2C0DA3-877C-4E96-B65F-703F0C964578} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CB2C0DA3-877C-4E96-B65F-703F0C964578}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBB7088C-DCA5-4618-B3BD-48E968ACC0EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBB7088C-DCA5-4618-B3BD-48E968ACC0EC}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F72C0213-EA90-4B9F-A9BC-E88C8A51EDD8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F72C0213-EA90-4B9F-A9BC-E88C8A51EDD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E14E68D7-6E46-4C7B-9815-C87A1263AF9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E14E68D7-6E46-4C7B-9815-C87A1263AF9F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes => Key Deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes => Key Deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes => Key Deleted successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

EmptyTemp: => Removed 164.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:06:14 ====