Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01 Ran by ADMIN at 2014-04-06 14:26:16 Run:1 Running from C:\Users\ADMIN\Desktop\anty Boot Mode: Normal ============================================== Content of fixlist: ***************** () C:\Program Files\Jump Flip\updateJumpFlip.exe () C:\Program Files\Jump Flip\bin\utilJumpFlip.exe R2 Update Jump Flip; C:\Program Files\Jump Flip\updateJumpFlip.exe [350496 2014-04-03] () R2 Util Jump Flip; C:\Program Files\Jump Flip\bin\utilJumpFlip.exe [350496 2014-04-03] () S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X] S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /svc [X] S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /medsvc [X] AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found Task: {447DF066-487B-4CD4-8237-D937324FB4F1} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe Task: {5ADA26F2-D8AD-49AC-9929-8E1E14544A67} - System32\Tasks\DiscountFrenzy-codedownloader => C:\Program Files\DiscountFrenzy\DiscountFrenzy-codedownloader.exe [2014-01-31] (DiscountFrenzy) Task: {7C6B9F25-8DFD-4FFF-B3F2-8F71FD464B61} - System32\Tasks\DiscountFrenzy-firefoxinstaller => C:\Program Files\DiscountFrenzy\DiscountFrenzy-firefoxinstaller.exe Task: {90241381-0AD0-41DF-9783-FC659B285A40} - System32\Tasks\FoxTab => C:\Users\ADMIN\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {C6140120-19C1-413F-B1B6-83F3140DACF2} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {D3BDD795-301A-4460-8B73-BEBE2FE70ADE} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {D65F9388-B516-4EC6-A99C-9B1F8B0F1512} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe Task: C:\Windows\Tasks\DiscountFrenzy-codedownloader.job => C:\Program Files\DiscountFrenzy\DiscountFrenzy-codedownloader.exe Task: C:\Windows\Tasks\DiscountFrenzy-firefoxinstaller.job => C:\Program Files\DiscountFrenzy\DiscountFrenzy-firefoxinstaller.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\ADMIN\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF3F6CD5E-1770-4852-8988-1A4931B9D625&SSPV= StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199&type=default&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199&type=default&q={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF3F6CD5E-1770-4852-8988-1A4931B9D625&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPF3F6CD5E-1770-4852-8988-1A4931B9D625&q={searchTerms}&SSPV= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199&type=default&q={searchTerms} CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\ADMIN\AppData\Local\foxtab_speeddial.crx [2013-11-09] CHR HKLM\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [2014-02-27] CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-11-09] CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\ADMIN\AppData\Local\foxtab_speeddial.crx [2013-11-09] ShortcutWithArgument: C:\Users\ADMIN\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199 ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199 ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199 ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=3219913727_67190_C01EBD9B&ts=1384016199 C:\Program Files\SearchProtect1259255 C:\Windows\system32\SearchProtect C:\Users\ADMIN\AppData\Roaming\OpenCandy C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie C:\Users\ADMIN\Desktop\programy\Kontynuuj instalację Steam.lnk C:\Users\ADMIN\Downloads\Samsung-Kies(24418).exe C:\Users\ADMIN\Downloads\SAMSUNG GALAXY-ACE-2-GT-I8160 driver provided through paweldrivers.com.exe Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect /f Reg: reg delete "HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3" /f Reg: reg delete "HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9" /f Reg: reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f Reg: reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f Reg: reg delete "HKU\S-1-5-21-2378528702-529034937-1684982878-1002\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /f Reboot: ***************** [472] C:\Program Files\Jump Flip\updateJumpFlip.exe => Process closed successfully. [3232] C:\Program Files\Jump Flip\bin\utilJumpFlip.exe => Process closed successfully. Update Jump Flip => Service stopped successfully. Update Jump Flip => Service deleted successfully. Util Jump Flip => Service deleted successfully. CltMngSvc => Service deleted successfully. savesenselive => Service deleted successfully. savesenselivem => Service deleted successfully. "C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{447DF066-487B-4CD4-8237-D937324FB4F1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447DF066-487B-4CD4-8237-D937324FB4F1} => Key deleted successfully. C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Processor => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Processor => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5ADA26F2-D8AD-49AC-9929-8E1E14544A67} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ADA26F2-D8AD-49AC-9929-8E1E14544A67} => Key deleted successfully. C:\Windows\System32\Tasks\DiscountFrenzy-codedownloader => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiscountFrenzy-codedownloader => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C6B9F25-8DFD-4FFF-B3F2-8F71FD464B61} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C6B9F25-8DFD-4FFF-B3F2-8F71FD464B61} => Key deleted successfully. C:\Windows\System32\Tasks\DiscountFrenzy-firefoxinstaller => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiscountFrenzy-firefoxinstaller => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90241381-0AD0-41DF-9783-FC659B285A40} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90241381-0AD0-41DF-9783-FC659B285A40} => Key deleted successfully. C:\Windows\System32\Tasks\FoxTab => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6140120-19C1-413F-B1B6-83F3140DACF2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6140120-19C1-413F-B1B6-83F3140DACF2} => Key deleted successfully. C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineCore => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3BDD795-301A-4460-8B73-BEBE2FE70ADE} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BDD795-301A-4460-8B73-BEBE2FE70ADE} => Key deleted successfully. C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineUA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D65F9388-B516-4EC6-A99C-9B1F8B0F1512} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D65F9388-B516-4EC6-A99C-9B1F8B0F1512} => Key deleted successfully. C:\Windows\System32\Tasks\Norton Identity Safe\Norton Error Analyzer => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Identity Safe\Norton Error Analyzer => Key deleted successfully. C:\Windows\Tasks\DiscountFrenzy-codedownloader.job => Moved successfully. C:\Windows\Tasks\DiscountFrenzy-firefoxinstaller.job => Moved successfully. C:\Windows\Tasks\FoxTab.job => Moved successfully. C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm => Key deleted successfully. C:\Users\ADMIN\AppData\Local\foxtab_speeddial.crx => Moved successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\debmkdhphjfcbaomiknnceliiclnpmfg => Key deleted successfully. C:\Program Files\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx => Moved successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo => Key deleted successfully. C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx => Moved successfully. HKCU\SOFTWARE\Google\Chrome\Extensions\dchmpbaclbiioedakpcldenooikekokm => Key deleted successfully. "C:\Users\ADMIN\AppData\Local\foxtab_speeddial.crx" => File/Directory not found. C:\Users\ADMIN\Desktop\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully. C:\Users\ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Program Files\SearchProtect1259255 => Moved successfully. C:\Windows\System32\SearchProtect => Moved successfully. C:\Users\ADMIN\AppData\Roaming\OpenCandy => Moved successfully. C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense => Moved successfully. C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie => Moved successfully. C:\Users\ADMIN\Desktop\programy\Kontynuuj instalację Steam.lnk => Moved successfully. C:\Users\ADMIN\Downloads\Samsung-Kies(24418).exe => Moved successfully. "C:\Users\ADMIN\Downloads\SAMSUNG GALAXY-ACE-2-GT-I8160 driver provided through paweldrivers.com.exe" => File/Directory not found. ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Start Page" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-2378528702-529034937-1684982878-1002\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====