Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-08-2014 Ran by Victoria at 2014-08-30 20:28:05 Run:1 Running from C:\Users\Victoria\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {3D75E5A8-9B18-4E0A-876E-F2896478E7F2} - System32\Tasks\Installer_sense => C:\Users\Victoria\AppData\Local\Installer\Installsense_300\delay.exe <==== ATTENTION Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Task: {FDB52F42-C03C-4864-A7BF-938DE72F93CE} - System32\Tasks\Installer_iwebar => C:\Users\Victoria\AppData\Local\Installer\Installiwebar_300\delay.exe <==== ATTENTION C:\Users\UpdatusUser\Desktop\PDF Blender.lnk ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 HKU\S-1-5-21-3094628068-4059591873-1470419566-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Victoria\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-3094628068-4059591873-1470419566-1002\...\Run: [AdobeBridge] => [X] HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur..._S2Y4J9ED608081 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur..._S2Y4J9ED608081 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol..._91215&tsp=5016 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur..._S2Y4J9ED608081 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur..._S2Y4J9ED608081 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur..._S2Y4J9ED608081 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur..._S2Y4J9ED608081 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsur..._S2Y4J9ED608081 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.doko-sear...125839&tsp=5038 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsur...q={searchTerms} BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll (Goobzo Ltd.) 
C:\ProgramData\YTAHelper\YTAHelper64.dll BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1409411408&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9ED608081 FF DefaultSearchEngine: istartsurf FF SelectedSearchEngine: istartsurf FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\istartsurf.xml FF Extension: Fast Start - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\d12wegkw.default\Extensions\faststartff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\d12wegkw.default\extensions\faststartff@gmail.com FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsur..._S2Y4J9ED608081 CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File C:\ProgramData\YTAHelper C:\Program Files\Common Files\ShopperPro C:\ProgramData\WindowsMangerProtect C:\ProgramData\ShopperPro C:\ProgramData\IePluginServices C:\WINDOWS\System32\Tasks\Installer_iwebar C:\WINDOWS\System32\Tasks\Installer_sense C:\Users\Public\Documents\YTAHelper C:\Users\Public\Documents\ShopperPro C:\Users\Public\Documents\GOOBZO C:\Program Files (x86)\YTAHelper C:\Program Files (x86)\SupTab C:\Users\Victoria\AppData\Roaming\istartsurf C:\WINDOWS\system32\sru C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Logon\{3D75E5A8-9B18-4E0A-876E-F2896478E7F2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D75E5A8-9B18-4E0A-876E-F2896478E7F2}" => Key deleted successfully. C:\Windows\System32\Tasks\Installer_sense => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense" => Key deleted successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDB52F42-C03C-4864-A7BF-938DE72F93CE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB52F42-C03C-4864-A7BF-938DE72F93CE}" => Key deleted successfully. C:\Windows\System32\Tasks\Installer_iwebar => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => Key deleted successfully. C:\Users\UpdatusUser\Desktop\PDF Blender.lnk => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument was removed successfully. 
C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Victoria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument was removed successfully. HKU\S-1-5-21-3094628068-4059591873-1470419566-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully. HKU\S-1-5-21-3094628068-4059591873-1470419566-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found. "HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. 
"C:\ProgramData\YTAHelper\YTAHelper64.dll" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value not found. "HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}" => Key not found. Firefox newtab deleted successfully. Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. "C:\Program Files (x86)\mozilla firefox\searchplugins\istartsurf.xml" => not found. FF Extension: Fast Start - C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\d12wegkw.default\Extensions\faststartff@gmail.com not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => Value not found. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully. C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found. C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found. C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll not found. c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL not found. "C:\ProgramData\YTAHelper" => File/Directory not found. C:\Program Files\Common Files\ShopperPro => Moved successfully. "C:\ProgramData\WindowsMangerProtect" => File/Directory not found. "C:\ProgramData\ShopperPro" => File/Directory not found. "C:\ProgramData\IePluginServices" => File/Directory not found. "C:\WINDOWS\System32\Tasks\Installer_iwebar" => File/Directory not found. "C:\WINDOWS\System32\Tasks\Installer_sense" => File/Directory not found. "C:\Users\Public\Documents\YTAHelper" => File/Directory not found. 
"C:\Users\Public\Documents\ShopperPro" => File/Directory not found. C:\Users\Public\Documents\GOOBZO => Moved successfully. "C:\Program Files (x86)\YTAHelper" => File/Directory not found. "C:\Program Files (x86)\SupTab" => File/Directory not found. "C:\Users\Victoria\AppData\Roaming\istartsurf" => File/Directory not found. C:\WINDOWS\system32\sru => Moved successfully. C:\ProgramData\SetStretch.exe => Moved successfully. C:\ProgramData\SetStretch.VBS => Moved successfully. EmptyTemp: => Removed 488.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====