Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-01-2015 Ran by Agnieszka at 2015-01-06 19:55:30 Run:1 Running from H:\ Loaded Profile: Agnieszka (Available profiles: jape & Agnieszka & KACPER) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-01] (Fuyu LIMITED) [File not signed] R3 ALSysIO; \??\C:\Users\AGNIES~1\AppData\Local\Temp\ALSysIO.sys [X] R3 catchme; \??\C:\Users\AGNIES~1\AppData\Local\Temp\catchme.sys [X] U3 mbr; \??\C:\ComboFix\mbr.sys [X] Task: {81A20564-DCD9-4860-8CA3-197BD1DD1AD8} - System32\Tasks\Core Temp Autostart Agnieszka => C:\Users\AGNIES~1\AppData\Local\Temp\Rar$EX00.451\Core Temp.exe HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1399684949-1430651134-2058239177-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1399684949-1430651134-2058239177-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll No File FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt C:\Program Files\ClickCaption_1.10.0.5 C:\Program Files\Opera C:\ProgramData\WindowsMangerProtect C:\Users\Agnieszka\AppData\Local\Opera Software C:\Users\Agnieszka\AppData\Roaming\Opera Software C:\Users\Agnieszka\AppData\Roaming\omiga-plus C:\Users\Agnieszka\AppData\Roaming\WebTest C:\Users\Agnieszka\Downloads\All CPU Meter 4.7.3.exe C:\Users\Agnieszka\Downloads\installspeedfan445_[www.programosy.pl].exe C:\Users\Agnieszka\Downloads\installspeedfan437.exe C:\Users\Agnieszka\Downloads\pobierz-instsf450.exe C:\Users\jape\Desktop\Continue SpeedFan installation.lnk C:\Users\jape\Downloads\*(*)-dp*.exe C:\Users\jape\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Users\jape\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. WindowsMangerProtect => Service not found. ALSysIO => Service deleted successfully. catchme => Service not found. mbr => Service not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81A20564-DCD9-4860-8CA3-197BD1DD1AD8} => Key not found. C:\Windows\System32\Tasks\Core Temp Autostart Agnieszka not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Core Temp Autostart Agnieszka => Key not found. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKU\S-1-5-21-1399684949-1430651134-2058239177-1004\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1399684949-1430651134-2058239177-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}" => Key deleted successfully. "HKCR\CLSID\{3134413B-49B4-425C-98A5-893C1F195601}" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully. C:\Program Files\ClickCaption_1.10.0.5 => Moved successfully. C:\Program Files\Opera => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\Agnieszka\AppData\Local\Opera Software => Moved successfully. C:\Users\Agnieszka\AppData\Roaming\Opera Software => Moved successfully. C:\Users\Agnieszka\AppData\Roaming\omiga-plus => Moved successfully. C:\Users\Agnieszka\AppData\Roaming\WebTest => Moved successfully. "C:\Users\Agnieszka\Downloads\All CPU Meter 4.7.3.exe" => File/Directory not found. "C:\Users\Agnieszka\Downloads\installspeedfan445_[www.programosy.pl].exe" => File/Directory not found. "C:\Users\Agnieszka\Downloads\installspeedfan437.exe" => File/Directory not found. "C:\Users\Agnieszka\Downloads\pobierz-instsf450.exe" => File/Directory not found. C:\Users\jape\Desktop\Continue SpeedFan installation.lnk => Moved successfully. C:\Users\jape\Downloads\*(*)-dp*.exe => Moved successfully. C:\Users\jape\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Moved successfully. C:\Users\jape\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Moved successfully. C:\Users\KACPER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Moved successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 19:56:26 ====