Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014
Ran by Małgorzata at 2014-04-16 07:20:26 Run:4
Running from C:\Users\Małgorzata\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
() C:\Program Files (x86)\webporpoise\updatewebporpoise.exe
(Probit Software LTD) C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe
(Probit Software LTD) C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe
() C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-15] (StdLib)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S2 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-06] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-06] (PriceMeter)
R2 Update webporpoise; C:\Program Files (x86)\webporpoise\updatewebporpoise.exe [350496 2014-04-15] ()
R2 Util webporpoise; C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe [350496 2014-04-15] ()
S2 vosr; C:\Users\Małgorzata\AppData\Roaming\VOPackage\VOsrv.exe [X]
HKU\S-1-5-21-2661843915-1318735840-491991292-1000\...\Run: [Easy Speed PC] => C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe [148272 2013-03-18] (Probit Software LTD)
HKU\S-1-5-21-2661843915-1318735840-491991292-1000\...\Run: [EasySpeedCheck] => C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe [190120 2014-03-27] (Probit Software LTD)
HKU\S-1-5-21-2661843915-1318735840-491991292-1000\...\Run: [PriceMeterW] => C:\Users\Małgorzata\AppData\Local\PriceMeter\pricemeterw.exe [309256 2014-03-24] (PriceMeter)
Task: {118454E6-4025-4281-8B34-41850BE4136E} - System32\Tasks\pricemeterdownloader => C:\Users\Małgorzata\AppData\Local\PriceMeter\pricemeterd.exe [2014-03-24] (PriceMeter)
Task: {78368DF3-CB47-4B45-B458-CC1C9B5BA5B7} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-06] (PriceMeter)
Task: {F3DD3943-29DE-47EA-91D0-C1E89B701D05} - System32\Tasks\pricemetertask => C:\Users\Małgorzata\AppData\Local\PriceMeter\TEMP\pricemeter.exe
Task: {FF8A310D-9A47-41DC-A03A-0668E14FE3D3} - System32\Tasks\pricemeterwatcher => C:\Users\Małgorzata\AppData\Local\PriceMeter\pricemeterw.exe [2014-03-24] (PriceMeter)
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: webporpoise - {f31845e6-7a36-476e-802e-f81e59588e80} - C:\Program Files (x86)\webporpoise\webporpoisebho.dll (webporpoise)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
C:\Program Files\AdTrustMedia
C:\Program Files (x86)\AdTrustMedia
C:\Program Files (x86)\IObit
C:\ProgramData\Adtrustmedia
C:\ProgramData\IObit
C:\Users\Małgorzata\.android
C:\Users\Małgorzata\daemonprocess.txt
C:\Users\Małgorzata\AppData\Local\nstB8D8.tmp
C:\Users\Małgorzata\AppData\Local\AdTrustMedia
C:\Users\Małgorzata\AppData\Local\cache
C:\Users\Małgorzata\Downloads\Firefox(13108).exe
C:\Windows\system32\GroupPolicy\GPT.INI
C:\Windows\system32\GroupPolicy\adm
C:\Windows\system32\GroupPolicy\Machine
C:\Windows\system32\GroupPolicy\User
C:\Windows\SysWOW64\GroupPolicy\adm
C:\Windows\SysWOW64\GroupPolicy\Machine
C:\Windows\System32\gpedit.msc
C:\Windows\system32\KernelBase.dll.bak
C:\Windows\SysWOW64\appmgr.dll
C:\Windows\SysWOW64\gpedit.msc
C:\Windows\SysWOW64\KernelBase.dll.bak
C:\Windows\System32\drivers\wStLibG64.sys
CMD: TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4" /A
CMD: TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea" /A
CMD: TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587" /A
CMD: TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6" /A
CMD: icacls "C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4" /grant Administratorzy:F
CMD: icacls "C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea" /grant Administratorzy:F
CMD: icacls "C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587" /grant Administratorzy:F
CMD: icacls "C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6" /grant Administratorzy:F
CMD: copy /y C:\Pliki\fde.dll C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4
CMD: copy /y C:\Pliki\fdeploy.dll C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea
CMD: copy /y C:\Pliki\gptext.dll C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587
CMD: copy /y C:\Pliki\gpedit.dll C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6
CMD: rd /s /q C:\Users\Małgorzata\Desktop\FRST-OlderVersion
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Slick Savings" /f
Reboot:
*****************

[2472] C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe => Process closed successfully.
[3048] C:\Program Files (x86)\webporpoise\updatewebporpoise.exe => Process closed successfully.
[3060] C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe => Process closed successfully.
[484] C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe => Process closed successfully.
[3240] C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe => Process closed successfully.
wStLibG64 => Service stopped successfully.
wStLibG64 => Service deleted successfully.
LiveUpdateSvc => Service deleted successfully.
pricemeterliveUpdate => Service deleted successfully.
pricemeterliveUpdatem => Service deleted successfully.
Update webporpoise => Service deleted successfully.
Util webporpoise => Service deleted successfully.
vosr => Service deleted successfully.
HKU\S-1-5-21-2661843915-1318735840-491991292-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Easy Speed PC => Value deleted successfully.
HKU\S-1-5-21-2661843915-1318735840-491991292-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EasySpeedCheck => Value deleted successfully.
HKU\S-1-5-21-2661843915-1318735840-491991292-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PriceMeterW => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{118454E6-4025-4281-8B34-41850BE4136E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{118454E6-4025-4281-8B34-41850BE4136E} => Key deleted successfully.
C:\Windows\System32\Tasks\pricemeterdownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78368DF3-CB47-4B45-B458-CC1C9B5BA5B7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78368DF3-CB47-4B45-B458-CC1C9B5BA5B7} => Key deleted successfully.
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceMeterLiveUpdateUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3DD3943-29DE-47EA-91D0-C1E89B701D05} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3DD3943-29DE-47EA-91D0-C1E89B701D05} => Key deleted successfully.
C:\Windows\System32\Tasks\pricemetertask => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF8A310D-9A47-41DC-A03A-0668E14FE3D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF8A310D-9A47-41DC-A03A-0668E14FE3D3} => Key deleted successfully.
C:\Windows\System32\Tasks\pricemeterwatcher => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher => Key deleted successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => Moved successfully.
"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully.
"C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value Data removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f31845e6-7a36-476e-802e-f81e59588e80} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{f31845e6-7a36-476e-802e-f81e59588e80} => Key deleted successfully.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 => Key deleted successfully.
C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 => Key deleted successfully.
C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml => Moved successfully.
C:\Program Files\AdTrustMedia => Moved successfully.
C:\Program Files (x86)\AdTrustMedia => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\ProgramData\Adtrustmedia => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Users\Małgorzata\.android => Moved successfully.
C:\Users\Małgorzata\daemonprocess.txt => Moved successfully.
C:\Users\Małgorzata\AppData\Local\nstB8D8.tmp => Moved successfully.
C:\Users\Małgorzata\AppData\Local\AdTrustMedia => Moved successfully.
C:\Users\Małgorzata\AppData\Local\cache => Moved successfully.
C:\Users\Małgorzata\Downloads\Firefox(13108).exe => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.INI => Moved successfully.
C:\Windows\System32\GroupPolicy\adm => Moved successfully.
C:\Windows\System32\GroupPolicy\Machine => Moved successfully.
C:\Windows\System32\GroupPolicy\User => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\adm => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\Machine => Moved successfully.
C:\Windows\System32\gpedit.msc => Moved successfully.
C:\Windows\system32\KernelBase.dll.bak => Moved successfully.
C:\Windows\SysWOW64\appmgr.dll => Moved successfully.
C:\Windows\SysWOW64\gpedit.msc => Moved successfully.
C:\Windows\SysWOW64\KernelBase.dll.bak => Moved successfully.
C:\Windows\System32\drivers\wStLibG64.sys => Moved successfully.

========= TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4" /A =========
POWODZENIE: Plik (lub folder): "C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4" należy teraz do grupy administratorów.
========= End of CMD: =========

========= TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea" /A =========
POWODZENIE: Plik (lub folder): "C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea" należy teraz do grupy administratorów.
========= End of CMD: =========

========= TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587" /A =========
POWODZENIE: Plik (lub folder): "C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587" należy teraz do grupy administratorów.
========= End of CMD: =========

========= TAKEOWN /F "C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6" /A =========
POWODZENIE: Plik (lub folder): "C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6" należy teraz do grupy administratorów.
========= End of CMD: =========

========= icacls "C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4" /grant Administratorzy:F =========
przetworzono plik: C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4
Liczba plików przetworzonych pomyślnie: 1; liczba plików, których przetwarzanie nie powiodło się: 0.
========= End of CMD: =========

========= icacls "C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea" /grant Administratorzy:F =========
przetworzono plik: C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea
Liczba plików przetworzonych pomyślnie: 1; liczba plików, których przetwarzanie nie powiodło się: 0.
========= End of CMD: =========

========= icacls "C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587" /grant Administratorzy:F =========
przetworzono plik: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587
Liczba plików przetworzonych pomyślnie: 1; liczba plików, których przetwarzanie nie powiodło się: 0.
========= End of CMD: =========

========= icacls "C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6" /grant Administratorzy:F =========
przetworzono plik: C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6
Liczba plików przetworzonych pomyślnie: 1; liczba plików, których przetwarzanie nie powiodło się: 0.
========= End of CMD: =========

========= copy /y C:\Pliki\fde.dll C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4 =========
Odmowa dostępu.
Liczba skopiowanych plików: 0.
========= End of CMD: =========

========= copy /y C:\Pliki\fdeploy.dll C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea =========
Odmowa dostępu.
Liczba skopiowanych plików: 0.
========= End of CMD: =========

========= copy /y C:\Pliki\gptext.dll C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587 =========
Odmowa dostępu.
Liczba skopiowanych plików: 0.
========= End of CMD: =========

========= copy /y C:\Pliki\gpedit.dll C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6 =========
Odmowa dostępu.
Liczba skopiowanych plików: 0.
========= End of CMD: =========

========= rd /s /q C:\Users\Małgorzata\Desktop\FRST-OlderVersion =========
========= End of CMD: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Slick Savings" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====