Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by ROBERT at 2015-01-28 16:19:52 Run:1
Running from J:\
Loaded Profiles: ROBERT (Available profiles: ROBERT & KAHLR & Malinka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 {665e51a3-da93-4d76-a3a4-e4194c384ce8}w64; C:\Windows\System32\drivers\{665e51a3-da93-4d76-a3a4-e4194c384ce8}w64.sys [48784 2015-01-27] (StdLib)
S1 {820a714f-c526-4777-8e87-e9d6612e0938}Gw64; system32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys [X]
S2 0165441422395760mcinstcleanup; C:\Users\KAHLR\AppData\Local\Temp\016544~1.EXE [854720 2014-11-19] (McAfee, Inc.)
S2 0c632643; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intere~1\InterenetOptimizerSvc.dll",service
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
Task: {80F9AE36-6054-4DBE-97DA-6C5674208116} - System32\Tasks\{7F420921-0A3A-4C35-A7C4-681F2A7B61AD} => pcalua.exe -a C:\Users\ROBERT\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=sien
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1773470009-2733455634-175904507-1001\...\MountPoints2: {6b98147a-94ce-11e4-8aa1-00241dd78311} - J:\LGAutoRun.exe
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\PROGRA~3\INTERE~1\INTERE~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~3\intere~1\intere~1.dll => "c:\progra~3\intere~1\intere~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1418128689&from=sien&uid=WDCXWD5001AALS-00L3B2_WD-WCASY850276002760&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1418128689&from=sien&uid=WDCXWD5001AALS-00L3B2_WD-WCASY850276002760&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418128689&from=sien&uid=WDCXWD5001AALS-00L3B2_WD-WCASY850276002760
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418128689&from=sien&uid=WDCXWD5001AALS-00L3B2_WD-WCASY850276002760&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1418128689&from=sien&uid=WDCXWD5001AALS-00L3B2_WD-WCASY850276002760&q={searchTerms}
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\SupTab
C:\Program Files (x86)\Temp
C:\ProgramData\IePluginServices
C:\ProgramData\Norton
C:\ProgramData\Symantec
C:\ProgramData\WindowsMangerProtect
C:\Users\ROBERT\*.exe
C:\Users\ROBERT\AppData\Local\globalUpdate
C:\Users\ROBERT\AppData\Roaming\systweak
C:\Windows\system32\roboot64.exe
C:\Windows\System32\drivers\{665e51a3-da93-4d76-a3a4-e4194c384ce8}w64.sys
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect /f
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files\Common Files"
CMD: dir /a "C:\Program Files (x86)\Common Files"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\ROBERT\AppData\Local
CMD: dir /a C:\Users\ROBERT\AppData\LocalLow
CMD: dir /a C:\Users\ROBERT\AppData\Roaming
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
{665e51a3-da93-4d76-a3a4-e4194c384ce8}w64 => Service stopped successfully.
{665e51a3-da93-4d76-a3a4-e4194c384ce8}w64 => Service deleted successfully.
{820a714f-c526-4777-8e87-e9d6612e0938}Gw64 => Service deleted successfully.
0165441422395760mcinstcleanup => Service not found.
0c632643 => Service deleted successfully.
IePluginServices => Service deleted successfully.
mccspsvc => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80F9AE36-6054-4DBE-97DA-6C5674208116}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F9AE36-6054-4DBE-97DA-6C5674208116}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7F420921-0A3A-4C35-A7C4-681F2A7B61AD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F420921-0A3A-4C35-A7C4-681F2A7B61AD}" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKU\S-1-5-21-1773470009-2733455634-175904507-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b98147a-94ce-11e4-8aa1-00241dd78311}" => Key deleted successfully.
HKCR\CLSID\{6b98147a-94ce-11e4-8aa1-00241dd78311} => Key not found.
"C:\PROGRA~3\INTERE~1\INTERE~2.DLL" => Value Data removed successfully.
"c:\progra~3\intere~1\intere~1.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Program Files (x86)\SupTab => Moved successfully.
C:\Program Files (x86)\Temp => Moved successfully.
C:\ProgramData\IePluginServices => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
C:\ProgramData\Symantec => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\ROBERT\*.exe => Moved successfully.
C:\Users\ROBERT\AppData\Local\globalUpdate => Moved successfully.
C:\Users\ROBERT\AppData\Roaming\systweak => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
C:\Windows\System32\drivers\{665e51a3-da93-4d76-a3a4-e4194c384ce8}w64.sys => Moved successfully.

========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= dir /a "C:\Program Files" =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Program Files
2015-01-27 22:56 .
2015-01-27 22:56 ..
2015-01-27 18:06 CCleaner
2015-01-27 22:51 Common Files
2009-07-14 05:54 174 desktop.ini
2014-11-19 00:11 DVD Maker
2014-12-10 14:06 Internet Explorer
2014-11-18 21:37 Logitech
2015-01-27 22:57 McAfee
2015-01-27 22:56 McAfee.com
2014-11-20 10:36 Microsoft Analysis Services
2009-07-14 19:09 Microsoft Games
2014-11-20 12:35 Microsoft Office
2014-11-21 16:30 Microsoft Silverlight
2014-11-20 10:38 Microsoft SQL Server Compact Edition
2014-11-20 10:38 Microsoft Sync Framework
2014-11-20 10:39 Microsoft Synchronization Services
2009-07-14 06:32 MSBuild
2014-11-18 22:19 NVIDIA Corporation
2009-07-14 06:32 Reference Assemblies
2009-07-14 06:09 Uninstall Information
2014-11-19 03:06 Windows Defender
2014-11-19 03:06 Windows Journal
2014-11-19 00:11 Windows Mail
2014-11-19 03:07 Windows Media Player
2014-11-18 13:41 Windows NT
2014-11-19 00:11 Windows Photo Viewer
2014-11-19 00:11 Windows Portable Devices
2014-11-19 00:11 Windows Sidebar
1 plik(ów) 174 bajtów
28 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a "C:\Program Files (x86)" =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Program Files (x86)
2015-01-28 16:20 .
2015-01-28 16:20 ..
2014-12-01 18:26 Adobe
2014-11-19 21:28 AppEnable
2015-01-01 16:05 Brother
2015-01-27 22:58 Common Files
2009-07-14 05:54 174 desktop.ini
2015-01-01 16:05 InstallShield Installation Information
2014-12-10 14:06 Internet Explorer
2015-01-24 22:06 LG Electronics
2015-01-28 01:18 McAfee
2015-01-27 22:57 McAfee.com
2014-11-20 10:36 Microsoft Analysis Services
2014-11-20 10:35 Microsoft Office
2014-11-21 16:30 Microsoft Silverlight
2014-11-20 10:37 Microsoft Visual Studio 8
2014-11-20 10:38 Microsoft.NET
2014-11-20 10:38 MSBuild
2015-01-24 22:07 MSXML 4.0
2014-12-19 07:30 NeoSmart Technologies
2014-11-18 22:19 NVIDIA Corporation
2015-01-27 12:28 Opera
2009-07-14 06:32 Reference Assemblies
2014-11-18 20:19 Renesas Electronics
2015-01-27 23:06 SafeKey
2009-07-14 05:57 Uninstall Information
2014-11-19 03:06 Windows Defender
2014-11-19 00:11 Windows Mail
2014-11-19 03:07 Windows Media Player
2009-07-14 06:32 Windows NT
2014-11-19 00:11 Windows Photo Viewer
2014-11-19 00:11 Windows Portable Devices
2014-11-19 00:11 Windows Sidebar
1 plik(ów) 174 bajtów
32 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a "C:\Program Files\Common Files" =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Program Files\Common Files
2015-01-27 22:51 .
2015-01-27 22:51 ..
2014-11-21 16:31 DESIGNER
2014-11-18 21:37 LogiShrd
2015-01-27 23:15 McAfee
2014-11-20 12:34 Microsoft Shared
2009-07-14 04:20 Services
2009-07-14 04:20 SpeechEngines
2014-11-20 12:36 System
0 plik(ów) 0 bajtów
9 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a "C:\Program Files (x86)\Common Files" =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Program Files (x86)\Common Files
2015-01-27 22:58 .
2015-01-27 22:58 ..
2014-11-21 17:53 Adobe
2014-12-01 18:26 Adobe AIR
2014-11-18 17:00 DVDVideoSoft
2015-01-27 22:58 27 093 992 lpuninstall.exe
2015-01-27 22:57 McAfee
2015-01-24 22:07 microsoft shared
2009-07-14 04:20 Services
2009-07-14 04:20 SpeechEngines
2015-01-27 18:27 Symantec Shared
2014-11-19 03:07 System
1 plik(ów) 27 093 992 bajtów
11 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a C:\ProgramData =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\ProgramData
2015-01-28 16:20 .
2015-01-28 16:20 ..
2014-12-10 07:15 374311380
2014-12-01 18:26 Adobe
2009-07-14 06:08 Application Data [C:\ProgramData]
2015-01-01 16:04 Brother
2014-11-18 13:41 Dane aplikacji [C:\ProgramData]
2009-07-14 06:08 Desktop [C:\Users\Public\Desktop]
2009-07-14 06:08 Documents [C:\Users\Public\Documents]
2014-11-18 13:41 Dokumenty [C:\Users\Public\Documents]
2014-11-18 20:18 Downloaded Installations
2009-07-14 06:08 Favorites [C:\Users\Public\Favorites]
2014-11-18 21:37 Logishrd
2015-01-12 23:14 LogMeIn
2015-01-28 07:56 McAfee
2014-11-18 13:41 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
2014-11-21 16:30 Microsoft
2015-01-01 19:00 Microsoft Help
2015-01-27 18:23 NortonInstaller
2015-01-27 17:10 472 ntuser.pol
2015-01-28 16:03 NVIDIA
2014-11-18 22:19 NVIDIA Corporation
2014-11-18 13:41 Pulpit [C:\Users\Public\Desktop]
2009-07-14 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
2014-11-18 13:41 Szablony [C:\ProgramData\Microsoft\Windows\Templates]
2009-07-14 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates]
2014-11-20 23:44 TreeCardGames
2014-11-18 13:41 Ulubione [C:\Users\Public\Favorites]
2014-12-10 14:06 WiMP
1 plik(ów) 472 bajtów
28 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a C:\Users\ROBERT\AppData\Local =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Users\ROBERT\AppData\Local
2015-01-28 16:20 .
2015-01-28 16:20 ..
2014-12-10 13:29 Adobe
2014-11-19 09:26 Apps
2014-11-18 14:59 Collectorz.com
2014-11-18 13:42 Dane aplikacji [C:\Users\ROBERT\AppData\Local]
2014-12-21 10:40 Diagnostics
2014-12-21 22:21 ElevatedDiagnostics
2014-11-19 08:34 EmieBrowserModeList
2014-11-19 08:34 EmieSiteList
2014-11-19 08:34 EmieUserList
2015-01-03 20:03 FreeOCR
2014-12-04 12:27 109 280 GDIPFONTCACHEV1.DAT
2014-11-19 08:02 GHISLER
2014-11-18 13:42 Historia [C:\Users\ROBERT\AppData\Local\Microsoft\Windows\History]
2015-01-28 10:52 1 292 792 IconCache.db
2015-01-24 22:08 LG Electronics
2015-01-13 08:26 LogMeIn
2015-01-28 16:12 LogMeIn Hamachi
2015-01-14 08:49 Microsoft
2014-11-22 19:36 Microsoft Games
2014-11-20 08:58 Microsoft Help
2014-12-19 07:52 NeoSmart_Technologies
2014-11-18 22:44 NVIDIA
2014-11-18 16:49 Opera Software
2014-11-18 15:42 Programs
2014-12-20 07:52 7 597 resmon.resmoncfg
2014-12-04 17:47 TeamViewer
2015-01-28 16:20 Temp
2014-11-18 13:42 Temporary Internet Files [C:\Users\ROBERT\AppData\Local\Microsoft\Windows\Temporary Internet Files]
2014-11-18 13:42 VirtualStore
2014-11-20 12:29 WindowsUpdate
3 plik(ów) 1 409 669 bajtów
29 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a C:\Users\ROBERT\AppData\LocalLow =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Users\ROBERT\AppData\LocalLow
2015-01-27 23:06 .
2015-01-27 23:06 ..
2014-11-21 17:55 Adobe
2014-11-19 08:34 EmieBrowserModeList
2014-11-19 08:34 EmieSiteList
2014-11-19 08:34 EmieUserList
2014-11-21 16:30 Microsoft
2015-01-27 23:15 SafeKey
2014-11-18 21:34 SafeKeylang
2014-11-18 21:34 SafeKeytmp
0 plik(ów) 0 bajtów
10 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

========= dir /a C:\Users\ROBERT\AppData\Roaming =========

Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: A238-6ECE
Katalog: C:\Users\ROBERT\AppData\Roaming
2015-01-28 16:20 .
2015-01-28 16:20 ..
2014-11-18 20:51 AccurateRip
2014-12-22 19:15 Adobe
2014-11-18 16:51 AnvSoft
2014-11-18 16:10 Any Audio Converter
2014-11-25 13:56 Aspiro Music AS
2014-11-18 20:47 BESTplayer
2014-11-25 13:58 com.aspiro.wimp.pl
2014-11-25 13:58 com.aspiro.wimp.pl.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
2014-12-01 18:26 com.linnrecords.DownloadManager
2014-11-18 17:00 DVDVideoSoft
2014-12-19 07:43 GHISLER
2014-11-18 13:42 Identities
2015-01-01 16:04 InstallShield
2014-11-18 21:36 Logishrd
2014-11-18 21:37 Logitech
2014-11-19 00:50 Macromedia
2009-07-14 19:09 Media Center Programs
2015-01-06 09:59 Microsoft
2014-11-18 16:49 Opera Software
2014-12-09 13:38 PANASONIC KX-TG7200PD user guide
2014-12-19 14:42 TeamViewer
2014-12-24 23:39 vlc
0 plik(ów) 0 bajtów
24 katalog(ów) 63 911 763 968 bajtów wolnych

========= End of CMD: =========

EmptyTemp: => Removed 701.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:20:32 ====