Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by 98 at 2014-08-28 21:27:28 Run:1
Running from G:\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
() C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe
R2 IBUpdaterService; C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe [727360 2013-06-08] ()
R2 IePluginService; C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [425104 2014-03-02] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)
HKU\S-1-5-21-790525478-1343024091-725345543-1003\...\Run: [99] => wscript.exe //B "C:\Documents and Settings\98\Dane aplikacji\99.vbs"
ShortcutWithArgument: C:\Documents and Settings\98\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390751574&from=smt&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1390751574&from=smt&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1390751574&from=smt&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
URLSearchHook: HKCU - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1390751574&from=smt&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086&type=default&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C6700304F29A9F7&affID=123627&tsp=5001
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086&type=default&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {90377711-210E-4483-95D6-00C70DE92904} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=7c676fae00000000000000304f29a9f7&affilt=3&r=796
BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files\hosts\hosts-bho.dll (Alex)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: dokotoolbar Helper Object -> {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} -> C:\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll (Doko-Toolbar)
BHO: SelectionLinks -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
BHO: ValueApps -> {93DBF2BB-A2B3-4683-A92E-57E60751F346} -> C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
BHO: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files\Minibar\Minibar.dll (KangoExtensions)
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - dokotoolbar Toolbar - {339E1B37-76D3-4A64-A988-E81425DF831C} - C:\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll (Doko-Toolbar)
CustomCLSID: HKU\S-1-5-21-790525478-1343024091-725345543-1003_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> C:\Documents and Settings\98\Ustawienia lokalne\Dane aplikacji\Conduit\ValueApps\IE\ValueApps.exe (Conduit Ltd.)
Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\98\DANEAP~1\BABSOL~1\Shared\BabMaint.
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Documents and Settings\98\Dane aplikacji\Mozilla\Firefox\Profiles\qec735si.default\extensions\quick_start@gmail.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
CHR HomePage: Default -> hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
CHR NewTab: Default -> "chrome-extension://ifohbjbgfchkkfhphahclmkpgejiplfo/index.html"
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Documents and Settings\98\Dane aplikacji\BabSolution\CR\BabylonChrome1.crx [2013-03-09]
CHR HKLM\...\Chrome\Extension: [dkipemekkkamhdafmodmiecddjhkmanm] - C:\Program Files\OApps\chrome-sl.crx [2013-08-07]
CHR HKLM\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Documents and Settings\98\Dane aplikacji\BabSolution\CR\Doko.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Documents and Settings\98\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-03-02]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [2013-03-07]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Documents and Settings\98\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-02]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=WDCXWD5003ABYX-18WERA0_WD-WMAYP208377583775&ts=1393765086
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Documents and Settings\98\Dane aplikacji\awesomehp
C:\Documents and Settings\98\Dane aplikacji\BabSolution
C:\Documents and Settings\98\Dane aplikacji\Babylon
C:\Documents and Settings\98\Dane aplikacji\File Scout
C:\Documents and Settings\98\Dane aplikacji\Minibar
C:\Documents and Settings\98\Dane aplikacji\OpenCandy
C:\Documents and Settings\98\Dane aplikacji\PerformerSoft
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Logs
C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Program Files\Minibar
C:\WINDOWS\jumpshot.com
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\END
E:\AUTORUN.INF
G:\Thumbs.db
H:\99.vbs
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f
CMD: attrib /d /s -s -h E:\*
CMD: attrib /d /s -s -h H:\*
EmptyTemp:
*****************

C:\Documents and Settings\All Users\Dane aplikacji\IePluginService\PluginService.exe => No running process found
C:\Program Files\WinZipper\winzipersvc.exe => No running process found
C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe => No running process found
C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe => No running process found
IBUpdaterService => Service stopped successfully.
IBUpdaterService => Service deleted successfully.
IePluginService => Service stopped successfully.
IePluginService => Service deleted successfully.
winzipersvc => Service stopped successfully.
winzipersvc => Service deleted successfully.
Wpm => Service stopped successfully.
Wpm => Service deleted successfully.
HKU\S-1-5-21-790525478-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\99 => value deleted successfully.
C:\Documents and Settings\98\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk => Shortcut argument was restored successfully.
C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{539F76FD-084E-4858-86D5-62F02F54AE86} => value deleted successfully.
"HKCR\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
"HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{90377711-210E-4483-95D6-00C70DE92904}" => Key deleted successfully.
"HKCR\CLSID\{90377711-210E-4483-95D6-00C70DE92904}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110311531182}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}" => Key deleted successfully.
"HKCR\CLSID\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}" => Key deleted successfully.
"HKCR\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}" => Key deleted successfully.
"HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}" => Key deleted successfully.
"HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" => Key deleted successfully.
"HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{339E1B37-76D3-4A64-A988-E81425DF831C} => value deleted successfully.
"HKCR\CLSID\{339E1B37-76D3-4A64-A988-E81425DF831C}" => Key deleted successfully.
"HKU\S-1-5-21-790525478-1343024091-725345543-1003_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}" => Key deleted successfully.
C:\WINDOWS\Tasks\EPUpdater.job => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\quick_start@gmail.com => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome NewTab deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb" => Key deleted successfully.
C:\Documents and Settings\98\Dane aplikacji\BabSolution\CR\BabylonChrome1.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dkipemekkkamhdafmodmiecddjhkmanm" => Key deleted successfully.
C:\Program Files\OApps\chrome-sl.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg" => Key deleted successfully.
C:\Documents and Settings\98\Dane aplikacji\BabSolution\CR\Doko.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo" => Key deleted successfully.
C:\Documents and Settings\98\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\newtab.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc" => Key deleted successfully.
C:\Program Files\Yontoo\YontooLayers.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo" => Key deleted successfully.
C:\Documents and Settings\98\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ep.crx => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Documents and Settings\98\Dane aplikacji\awesomehp => Moved successfully.
C:\Documents and Settings\98\Dane aplikacji\BabSolution => Moved successfully.
C:\Documents and Settings\98\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\98\Dane aplikacji\File Scout => Moved successfully.
C:\Documents and Settings\98\Dane aplikacji\Minibar => Moved successfully.
C:\Documents and Settings\98\Dane aplikacji\OpenCandy => Moved successfully.
C:\Documents and Settings\98\Dane aplikacji\PerformerSoft => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Logs => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Panda Security => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully.
C:\Program Files\Minibar => Moved successfully.
C:\WINDOWS\jumpshot.com => Moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.
C:\END => Moved successfully.
"E:\AUTORUN.INF" => File/Directory not found.
G:\Thumbs.db => Moved successfully.
"H:\99.vbs" => File/Directory not found.

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= attrib /d /s -s -h E:\* =========
Nie można odnaleźć ścieżki - E:\.
========= End of CMD: =========

========= attrib /d /s -s -h H:\* =========
Nie można odnaleźć ścieżki - H:\.
========= End of CMD: =========

EmptyTemp: => Removed 2.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====