Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014 Ran by KAROLINA at 2014-11-13 15:17:24 Run:2 Running from C:\Users\KAROLINA\Desktop\raporty, log FIXITPC\frst Loaded Profiles: UpdatusUser & KAROLINA (Available profiles: UpdatusUser & KAROLINA) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1415565385&from=amt&uid=ST1000LM014-1EJ164_W380KHNAXXXXW380KHNA" CHR DefaultSearchKeyword: Default -> mystartsearch ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:51404;https=127.0.0.1:51404 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll No File Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 Task: {A55B8F54-709F-4B58-B239-456B51DE9BD1} - System32\Tasks\e-pity2013_kwiecien => C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe Task: {E86A6D5D-F91B-4E18-8470-C2EB8CAF2FBB} - System32\Tasks\e-pity2013_styczen => C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-01] (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect C:\Users\KAROLINA\CD95F661A5C444F5A6AAECDD91C240E0.TMP C:\Users\KAROLINA\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\KAROLINA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\KAROLINA\AppData\Roaming\LookThisUp C:\Users\KAROLINA\AppData\Roaming\mystartsearch Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0261933D-98CF-45FA-A42A-09272D60CF6B} /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0261933D-98CF-45FA-A42A-09272D60CF6B} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A55B8F54-709F-4B58-B239-456B51DE9BD1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A55B8F54-709F-4B58-B239-456B51DE9BD1}" => Key deleted successfully. C:\Windows\System32\Tasks\e-pity2013_kwiecien => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2013_kwiecien" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E86A6D5D-F91B-4E18-8470-C2EB8CAF2FBB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E86A6D5D-F91B-4E18-8470-C2EB8CAF2FBB}" => Key deleted successfully. C:\Windows\System32\Tasks\e-pity2013_styczen => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-pity2013_styczen" => Key deleted successfully. WindowsMangerProtect => Service not found. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\KAROLINA\CD95F661A5C444F5A6AAECDD91C240E0.TMP => Moved successfully. C:\Users\KAROLINA\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\KAROLINA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Users\KAROLINA\AppData\Roaming\LookThisUp => Moved successfully. C:\Users\KAROLINA\AppData\Roaming\mystartsearch => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0261933D-98CF-45FA-A42A-09272D60CF6B} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0261933D-98CF-45FA-A42A-09272D60CF6B} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 436.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====