Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by A at 2015-03-23 14:38:45 Run:1
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available profiles: A & Gość)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-12] (SysTool PasSame LIMITED)
S1 MpKsle7f29d17; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0744095-0A5E-44E9-9BCF-BFA1153B3893}\MpKsle7f29d17.sys [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426188065&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426188065&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms}
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426188203&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {36222043-542C-49D1-8F69-702470B129EC} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {4E0E17DB-2615-4F76-AE25-BB25CD5BEC40} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2664477281-1290234535-2196259844-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=HitachiXHTS543225L9A300_090112FB8F00LLKUJUSAX&ts=1426188216&type=default&q={searchTerms}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\g4bs46q4.default-1406216111318\extensions\fftoolbar2014@etech.com
Task: {130A1754-A921-46FB-9621-D4F754F75237} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {3B9FC579-A925-475A-B5BC-E3BEA67C97C0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {8AB192D5-295D-4B6B-9B28-09FA0581B207} - System32\Tasks\{0168E345-B01C-4925-951F-907C95154A0D} => pcalua.exe -a "C:\Programy\mp4 to mp3\uninstall\uninstall.exe" -d "C:\Programy\mp4 to mp3\uninstall"
Task: {DF30D9CD-51AC-4983-9564-C0996BEABC98} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Programy\Optymalizacja\Glary Utilities 4\Initialize.exe
C:\Program Files\Mozilla Firefox\plugins
C:\Program Files\XTab
C:\ProgramData\9EDE8056CF.sys
C:\ProgramData\KGyGaAvL.sys
C:\ProgramData\HidManager.dll
C:\ProgramData\IHProtectUpDate
C:\ProgramData\TEMP
C:\ProgramData\WindowsMangerProtect
C:\Users\A\AppData\Local\Google\Chrome
C:\Users\A\AppData\Local\FluxSoftware
C:\Users\A\AppData\Local\PriceFountain
C:\Users\A\AppData\Roaming\Helper Scripts
C:\Users\A\AppData\Roaming\Hip Hop
C:\Users\A\AppData\Roaming\Home
C:\Users\A\AppData\Roaming\Sys6925.Config Collection.sys
C:\Users\A\AppData\Roaming\Sys2662.Config.Repository.bin
C:\Users\A\AppData\Roaming\UserTile.png
C:\Users\Gość\Desktop\VueScan.lnk
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\Windows\System32\Tasks\Norton Identity Safe
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AdvancedSystemCareService6" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AVGIDSAgent" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Bonjour Service" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gusvc" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 6" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FacebookUpdate.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center" /f
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
WindowsMangerProtect => Service deleted successfully.
MpKsle7f29d17 => Service deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36222043-542C-49D1-8F69-702470B129EC}" => Key deleted successfully.
HKCR\CLSID\{36222043-542C-49D1-8F69-702470B129EC} => Key not found.
"HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E0E17DB-2615-4F76-AE25-BB25CD5BEC40}" => Key deleted successfully.
HKCR\CLSID\{4E0E17DB-2615-4F76-AE25-BB25CD5BEC40} => Key not found.
"HKU\S-1-5-21-2664477281-1290234535-2196259844-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\searchengine@gmail.com => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{130A1754-A921-46FB-9621-D4F754F75237}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{130A1754-A921-46FB-9621-D4F754F75237}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B9FC579-A925-475A-B5BC-E3BEA67C97C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B9FC579-A925-475A-B5BC-E3BEA67C97C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Analyzer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AB192D5-295D-4B6B-9B28-09FA0581B207}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AB192D5-295D-4B6B-9B28-09FA0581B207}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0168E345-B01C-4925-951F-907C95154A0D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0168E345-B01C-4925-951F-907C95154A0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF30D9CD-51AC-4983-9564-C0996BEABC98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF30D9CD-51AC-4983-9564-C0996BEABC98}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Processor" => Key deleted successfully.
C:\Windows\Tasks\GlaryInitialize 4.job => Moved successfully.
C:\Program Files\Mozilla Firefox\plugins => Moved successfully.
C:\Program Files\XTab => Moved successfully.
C:\ProgramData\9EDE8056CF.sys => Moved successfully.
C:\ProgramData\KGyGaAvL.sys => Moved successfully.
C:\ProgramData\HidManager.dll => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\A\AppData\Local\Google\Chrome => Moved successfully.
C:\Users\A\AppData\Local\FluxSoftware => Moved successfully.
C:\Users\A\AppData\Local\PriceFountain => Moved successfully.
C:\Users\A\AppData\Roaming\Helper Scripts => Moved successfully.
C:\Users\A\AppData\Roaming\Hip Hop => Moved successfully.
C:\Users\A\AppData\Roaming\Home => Moved successfully.
C:\Users\A\AppData\Roaming\Sys6925.Config Collection.sys => Moved successfully.
C:\Users\A\AppData\Roaming\Sys2662.Config.Repository.bin => Moved successfully.
C:\Users\A\AppData\Roaming\UserTile.png => Moved successfully.
C:\Users\Gość\Desktop\VueScan.lnk => Moved successfully.
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.
C:\Windows\System32\Tasks\Norton Identity Safe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe => Key Deleted successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AdvancedSystemCareService6" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AVGIDSAgent" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Bonjour Service" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gusvc" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 6" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FacebookUpdate.exe" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 891.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:44:27 ====