Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by Dawid at 2014-05-02 12:13:07 Run:1
Running from C:\Documents and Settings\Dawid\Pulpit\Nowy folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
(PriceMeter) C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
() C:\Program Files\BrowseMark\updateBrowseMark.exe
() C:\Program Files\BrowseMark\bin\utilBrowseMark.exe
(PriceMeter) C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\PriceMeter\pricemeterw.exe
R2 IePluginService; C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S2 pricemeterliveUpdate; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-18] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-04-18] (PriceMeter)
R2 Update BrowseMark; C:\Program Files\BrowseMark\updateBrowseMark.exe [316704 2014-04-30] ()
R2 Util BrowseMark; C:\Program Files\BrowseMark\bin\utilBrowseMark.exe [316704 2014-05-01] ()
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [566272 2014-04-18] (Cherished Technololgy LIMITED)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg [31096 2014-04-06] (Bandoo Media Inc)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-19] (StdLib)
Task: C:\WINDOWS\Tasks\At5.job => C:\DOCUME~1\Dawid\DANEAP~1\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\pricemetertask.job => C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\PriceMeter\pricemeter.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\pricemeterwatcher.job => C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\PriceMeter\pricemeterw.exe <==== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files\movies toolbar\datamngr\apcrtldr.dll [490496 2014-04-06] () <===== ATTENTION
HKLM\...\Run: [] => [X]
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKU\S-1-5-21-1845119400-1298913301-3594010967-1005\...\Run: [PriceMeterW] => C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\PriceMeter\pricemeterw.exe [309256 2014-04-13] (PriceMeter)
HKU\S-1-5-21-1845119400-1298913301-3594010967-1005\...\Run: [iLivid] => "C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\iLivid\iLivid.exe" -autorun
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1397832165&from=cor&uid=HitachiXHTS541610J9SA00_SB2C01SMG1LDEBG1LDEBX&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=974&systemid=406&v=n12281-321&apn_uid=5075453358044284&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Documents and Settings\Dawid\Dane aplikacji\Mozilla\Firefox\Profiles\k892xccp.default\extensions\quick_start@gmail.com
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
C:\Documents and Settings\All Users\Dane aplikacji\48e4ac4dbef777db
C:\Documents and Settings\All Users\Dane aplikacji\AVG
C:\Documents and Settings\All Users\Dane aplikacji\Common Files
C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
C:\Documents and Settings\All Users\Dane aplikacji\SuperbApp
C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
C:\Documents and Settings\LocalService\Dane aplikacji\AVG
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\AVG
C:\Documents and Settings\Dawid\Dane aplikacji\AVG
C:\Documents and Settings\Dawid\Dane aplikacji\OpenCandy
C:\Documents and Settings\Dawid\Dane aplikacji\Opera Software
C:\Documents and Settings\Dawid\Dane aplikacji\SimilarSites
C:\Documents and Settings\Dawid\Dane aplikacji\SupTab
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\AVG
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Comodo
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Google\Chrome
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Opera Software
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Torch
C:\Documents and Settings\Administrator
C:\Documents and Settings\Gość
C:\Documents and Settings\Pomocnik
C:\Documents and Settings\SUPPORT_388945a0
C:\Program Files\AVG
C:\Program Files\Opera
C:\Program Files\SiteFinder
C:\WINDOWS\System32\drivers\tStLibG.sys
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v {C4069E3A-68F1-403E-B40E-20066696354B} /f
Reboot:
*****************

C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe => No running process found
C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe => No running process found
C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe => No running process found
C:\Program Files\BrowseMark\updateBrowseMark.exe => No running process found
C:\Program Files\BrowseMark\bin\utilBrowseMark.exe => No running process found
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\PriceMeter\pricemeterw.exe => No running process found
IePluginService => Service stopped successfully.
IePluginService => Service deleted successfully.
pricemeterliveUpdate => Service deleted successfully.
pricemeterliveUpdatem => Service deleted successfully.
Update BrowseMark => Unable to stop service
Update BrowseMark => Service deleted successfully.
Util BrowseMark => Unable to stop service
Util BrowseMark => Service deleted successfully.
Wpm => Service stopped successfully.
Wpm => Service deleted successfully.
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Unable to stop service
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Service deleted successfully.
tStLibG => Unable to stop service
tStLibG => Service deleted successfully.
C:\WINDOWS\Tasks\At5.job => Moved successfully.
C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\pricemetertask.job => Moved successfully.
C:\WINDOWS\Tasks\pricemeterwatcher.job => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully.
HKU\S-1-5-21-1845119400-1298913301-3594010967-1005\Software\Microsoft\Windows\CurrentVersion\Run\\PriceMeterW => Value deleted successfully.
HKU\S-1-5-21-1845119400-1298913301-3594010967-1005\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 => Key deleted successfully.
C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 => Key deleted successfully.
C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\quick_start@gmail.com => Value deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\48e4ac4dbef777db => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Common Files => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\F-Secure => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\SuperbApp => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\Documents and Settings\LocalService\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\Dawid\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\Dawid\Dane aplikacji\OpenCandy => Moved successfully.
C:\Documents and Settings\Dawid\Dane aplikacji\Opera Software => Moved successfully.
C:\Documents and Settings\Dawid\Dane aplikacji\SimilarSites => Moved successfully.
C:\Documents and Settings\Dawid\Dane aplikacji\SupTab => Moved successfully.
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Comodo => Moved successfully.
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Google\Chrome => Moved successfully.
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Opera Software => Moved successfully.
C:\Documents and Settings\Dawid\Ustawienia lokalne\Dane aplikacji\Torch => Moved successfully.
C:\Documents and Settings\Administrator => Moved successfully.
C:\Documents and Settings\Gość => Moved successfully.
C:\Documents and Settings\Pomocnik => Moved successfully.
C:\Documents and Settings\SUPPORT_388945a0 => Moved successfully.
C:\Program Files\AVG => Moved successfully.
C:\Program Files\Opera => Moved successfully.
C:\Program Files\SiteFinder => Moved successfully.
C:\WINDOWS\System32\drivers\tStLibG.sys => Moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v {C4069E3A-68F1-403E-B40E-20066696354B} /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog ====