Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01 Ran by KaMiLa at 2015-02-27 00:17:32 Run:1 Running from C:\Documents and Settings\KaMiLa\Pulpit Loaded Profiles: KaMiLa (Available profiles: KaMiLa) Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** CloseProcesses: Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll Replace: C:\WINDOWS\system32\dllcache\imapi.exe C:\WINDOWS\system32\imapi.exe S4 BrowserProtect; C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [0 2013-02-11] () <==== ATTENTION (zero size file/folder) S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 HWiNFO32; \??\C:\DOCUME~1\KaMiLa\USTAWI~1\Temp\HWiNFO32.SYS [X] S3 RT80x86; system32\DRIVERS\RT2860.sys [X] HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\Documents and Settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll No File CustomCLSID: HKU\S-1-5-21-1123561945-776561741-1801674531-1004_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Documents and Settings\KaMiLa\Dane aplikacji\GG\ggdrive\ggdrive-menu.dll No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=80c1e2a600000000000000b08c069ac4" <======= ATTENTION SearchScopes: HKU\S-1-5-21-1123561945-776561741-1801674531-1004 -> {F10D8717-BF7A-4144-9CA6-E4AE455F60B4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=57C20B5C-425A-4691-B7EB-B63C4AB36C04&apn_sauid=D13AA595-CBAC-4E16-834E-B02F7B260CEB BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) Toolbar: HKU\S-1-5-21-1123561945-776561741-1801674531-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect C:\Documents and Settings\KaMiLa\Dane aplikacji\DSite C:\Documents and Settings\KaMiLa\Dane aplikacji\PDF Creator Packages C:\Documents and Settings\KaMiLa\Menu Start\Programy\BrowserProtect C:\Documents and Settings\KaMiLa\Menu Start\Programy\eGames C:\Program Files\GUT2.tmp C:\Program Files\GUM1.tmp C:\Program Files\Delta Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite /f Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Creator Packages" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f CMD: dir /a D:\ ***************** Processes closed successfully. C:\WINDOWS\system32\rpcss.dll => Moved successfully. C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll C:\WINDOWS\system32\imapi.exe => Moved successfully. C:\WINDOWS\system32\dllcache\imapi.exe copied successfully to C:\WINDOWS\system32\imapi.exe BrowserProtect => Service deleted successfully. ew_usbenumfilter => Service deleted successfully. huawei_cdcacm => Service deleted successfully. huawei_cdcecm => Service deleted successfully. huawei_enumerator => Service deleted successfully. huawei_ext_ctrl => Service deleted successfully. HWiNFO32 => Service not found. RT80x86 => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck => value deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay1" => Key deleted successfully. "HKCR\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay2" => Key deleted successfully. "HKCR\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay3" => Key deleted successfully. "HKCR\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay4" => Key deleted successfully. "HKCR\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKU\S-1-5-21-1123561945-776561741-1801674531-1004_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully. "HKU\S-1-5-21-1123561945-776561741-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F10D8717-BF7A-4144-9CA6-E4AE455F60B4}" => Key deleted successfully. HKCR\CLSID\{F10D8717-BF7A-4144-9CA6-E4AE455F60B4} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key not found. HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value not found. HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key not found. HKU\S-1-5-21-1123561945-776561741-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect => Moved successfully. C:\Documents and Settings\KaMiLa\Dane aplikacji\DSite => Moved successfully. C:\Documents and Settings\KaMiLa\Dane aplikacji\PDF Creator Packages => Moved successfully. C:\Documents and Settings\KaMiLa\Menu Start\Programy\BrowserProtect => Moved successfully. C:\Documents and Settings\KaMiLa\Menu Start\Programy\eGames => Moved successfully. C:\Program Files\GUT2.tmp => Moved successfully. C:\Program Files\GUM1.tmp => Moved successfully. C:\Program Files\Delta => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Creator Packages" /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\mozilla.org /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukonczona pomyslnie ========= End of Reg: ========= ========= dir /a D:\ ========= Wolumin w stacji D nie ma etykiety. Numer seryjny woluminu: 3AA9-AC1C Katalog: D:\ 2014-11-23 01:23