Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
Ran by Agata at 2014-04-28 19:00:05 Run:1
Running from C:\Documents and Settings\Agata\Pulpit
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
R2 IePluginService; C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [566272 2014-04-25] (Cherished Technololgy LIMITED)
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]
S3 Revoflt; system32\DRIVERS\revoflt.sys [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1398429479&from=cor&uid=_XXXxXXXx
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1398429479&from=cor&uid=_XXXxXXXx&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1398429479&from=cor&uid=_XXXxXXXx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1398429479&from=cor&uid=_XXXxXXXx&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1398429479&from=cor&uid=_XXXxXXXx&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1398429479&from=cor&uid=_XXXxXXXx
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1398429479&from=cor&uid=_XXXxXXXx
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1398429479&from=cor&uid=_XXXxXXXx&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1398429479&from=cor&uid=_XXXxXXXx&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1398429479&from=cor&uid=_XXXxXXXx&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9481D85D4CF4B18F&affID=119357&tt=080913_nch&tsp=4999
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9481D85D4CF4B18F&affID=119357&tt=080913_nch&tsp=4999
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: TheSea.TheSeaPlugin - {C585D593-E7F3-4852-A200-561686EE02E4} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx [2012-08-27]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Documents and Settings\Agata\Dane aplikacji\Mozilla\Firefox\Profiles\4ios87jl.default\extensions\quick_start@gmail.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [FFToolbar@bitdefender.com] - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
HKLM\...\Run: [] => [X]
AlternateDataStreams: C:\WINDOWS:F9978C7463C494F8
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0CFF5F08
C:\Documents and Settings\Agata\Dane aplikacjiuser_gensett.xml
C:\Documents and Settings\Agata\Dane aplikacjiProductTweaks.xml
C:\Documents and Settings\Agata\Dane aplikacjiprivacy.xml
C:\Documents and Settings\Agata\Dane aplikacji\Any Video Converter
C:\Documents and Settings\Agata\Dane aplikacji\Babylon
C:\Documents and Settings\Agata\Dane aplikacji\BitComet
C:\Documents and Settings\Agata\Dane aplikacji\BitDefender(2)
C:\Documents and Settings\Agata\Dane aplikacji\Bradsoft.com
C:\Documents and Settings\Agata\Dane aplikacji\CAD-KAS
C:\Documents and Settings\Agata\Dane aplikacji\Canon
C:\Documents and Settings\Agata\Dane aplikacji\Cool Record Edit Pro
C:\Documents and Settings\Agata\Dane aplikacji\DriverCure
C:\Documents and Settings\Agata\Dane aplikacji\Elaborate Bytes
C:\Documents and Settings\Agata\Dane aplikacji\Elluminate
C:\Documents and Settings\Agata\Dane aplikacji\Genieo
C:\Documents and Settings\Agata\Dane aplikacji\KeePass
C:\Documents and Settings\Agata\Dane aplikacji\KompoZer
C:\Documents and Settings\Agata\Dane aplikacji\Opera
C:\Documents and Settings\Agata\Dane aplikacji\ParetoLogic
C:\Documents and Settings\Agata\Dane aplikacji\QuickScan
C:\Documents and Settings\Agata\Dane aplikacji\SolidDocuments
C:\Documents and Settings\Agata\Dane aplikacji\sweet-page
C:\Documents and Settings\Agata\Dane aplikacji\systweak
C:\Documents and Settings\Agata\SendTo\Znajomy Xfire.lnk
C:\Documents and Settings\All Users\Dane aplikacji\bdinstall.bin
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
C:\Documents and Settings\All Users\Dane aplikacji\G DATA
C:\Documents and Settings\All Users\Dane aplikacji\ParetoLogic
C:\Documents and Settings\All Users\Dane aplikacji\SolidDocuments
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\All Users\Dane aplikacji\TP-LINK
C:\Documents and Settings\All Users\Dane aplikacji\Vextractor
C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
C:\Program Files\uninst-Particular.exe
C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
C:\Program Files\Mozilla Firefox\extensions
C:\Program Files\mozilla firefox\plugins
C:\Program Files\Perion
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadu-Gadu 10" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg" /f
Reg: reg delete HKLM\SOFTWARE\Mozilla\Thunderbird /f
CMD: netsh firewall reset
Reboot:
*****************

[212] C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe => Process closed successfully.
[264] C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe => Process closed successfully.
C:\WINDOWS\system32\cmd.exe => No running process found
IePluginService => Service deleted successfully.
Wpm => Service deleted successfully.
ElbyCDIO => Service deleted successfully.
Revoflt => Service deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4} => Key deleted successfully.
HKCR\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg => Key deleted successfully.
C:\Program Files\Perion\NewTab\newTab.crx => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\quick_start@gmail.com => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55} => Key deleted successfully.
HKCR\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\WINDOWS => ":F9978C7463C494F8" ADS removed successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => ":0CFF5F08" ADS removed successfully.
C:\Documents and Settings\Agata\Dane aplikacjiuser_gensett.xml => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacjiProductTweaks.xml => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacjiprivacy.xml => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Any Video Converter => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\BitComet => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\BitDefender(2) => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Bradsoft.com => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\CAD-KAS => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Canon => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Cool Record Edit Pro => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\DriverCure => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Elaborate Bytes => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Elluminate => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Genieo => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\KeePass => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\KompoZer => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\Opera => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\ParetoLogic => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\QuickScan => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\SolidDocuments => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\sweet-page => Moved successfully.
C:\Documents and Settings\Agata\Dane aplikacji\systweak => Moved successfully.
C:\Documents and Settings\Agata\SendTo\Znajomy Xfire.lnk => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\bdinstall.bin => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\BitDefender => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\G DATA => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\ParetoLogic => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\SolidDocuments => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TP-LINK => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Vextractor => Moved successfully.
C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus => Moved successfully.
C:\Program Files\uninst-Particular.exe => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions => Moved successfully.
C:\Program Files\Mozilla Firefox\plugins => Moved successfully.
C:\Program Files\Perion => Moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadu-Gadu 10" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla\Thunderbird /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= netsh firewall reset =========
Ok.
========= End of CMD: =========

The system needed a reboot.
==== End of Fixlog ====