Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015 01 Ran by Krz at 2015-02-03 19:24:06 Run:1 Running from C:\Users\Krz\Desktop Loaded Profiles: Krz (Available profiles: Krz) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-25] (Fuyu LIMITED) [File not signed] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419542396&from=cor&uid=WDCXWD800BB-55JKC0_WD-WCAMD471537215372&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419542396&from=cor&uid=WDCXWD800BB-55JKC0_WD-WCAMD471537215372&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1419542396&from=cor&uid=WDCXWD800BB-55JKC0_WD-WCAMD471537215372 Task: {05F55DCD-84DC-4552-9EF0-78D50BAC2708} - System32\Tasks\{25922866-79D0-4659-9DCC-1FF082DA0829} => pcalua.exe -a C:\Users\Krz\Desktop\1153320512\install.exe -d C:\Users\Krz\Desktop\1153320512 Task: {6E9304E0-8A19-4C36-B2BF-7E2B17FBB320} - System32\Tasks\{F9B0ABA5-EF81-4953-9722-9E963F3C5227} => pcalua.exe -a C:\Users\Krz\Desktop\1252073814-Editing-Kit\NFS5carpartsEditor.v0.8d\setup.exe -d C:\Users\Krz\Desktop\1252073814-Editing-Kit\NFS5carpartsEditor.v0.8d CustomCLSID: HKU\S-1-5-21-1842147718-165999632-1959978785-1001_Classes\CLSID\{8E1BC32D-DFF4-DC05-18E0-06A277D07930}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-1842147718-165999632-1959978785-1001_Classes\CLSID\{9AE11967-97BC-B56D-7CF7-EA1B9D5A80E6}\InprocServer32 -> No File Path HKU\S-1-5-21-1842147718-165999632-1959978785-1001\Software\Classes\.exe: => <===== ATTENTION! HKU\S-1-5-21-1842147718-165999632-1959978785-1001\Software\Classes\exefile: <===== ATTENTION! C:\ProgramData\TEMP C:\ProgramData\WindowsMangerProtect C:\Users\Krz\AppData\Local\pcc.exe EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. WindowsMangerProtect => Service deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05F55DCD-84DC-4552-9EF0-78D50BAC2708}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F55DCD-84DC-4552-9EF0-78D50BAC2708}" => Key deleted successfully. C:\Windows\System32\Tasks\{25922866-79D0-4659-9DCC-1FF082DA0829} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{25922866-79D0-4659-9DCC-1FF082DA0829}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E9304E0-8A19-4C36-B2BF-7E2B17FBB320}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E9304E0-8A19-4C36-B2BF-7E2B17FBB320}" => Key deleted successfully. C:\Windows\System32\Tasks\{F9B0ABA5-EF81-4953-9722-9E963F3C5227} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9B0ABA5-EF81-4953-9722-9E963F3C5227}" => Key deleted successfully. "HKU\S-1-5-21-1842147718-165999632-1959978785-1001_Classes\CLSID\{8E1BC32D-DFF4-DC05-18E0-06A277D07930}" => Key deleted successfully. "HKU\S-1-5-21-1842147718-165999632-1959978785-1001_Classes\CLSID\{9AE11967-97BC-B56D-7CF7-EA1B9D5A80E6}" => Key deleted successfully. "HKU\S-1-5-21-1842147718-165999632-1959978785-1001\Software\Classes\.exe" => Key deleted successfully. "HKU\S-1-5-21-1842147718-165999632-1959978785-1001\Software\Classes\exefile" => Key deleted successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\Krz\AppData\Local\pcc.exe => Moved successfully. EmptyTemp: => Removed 2 GB temporary data. The system needed a reboot. ==== End of Fixlog 19:25:12 ====