Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015 Ran by User at 2015-01-22 18:59:32 Run:1 Running from D:\FRST Loaded Profiles: User (Available profiles: User & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419677414&from=smt&uid=SAMSUNGXSP1634N_1490J1FA101614&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419677414&from=smt&uid=SAMSUNGXSP1634N_1490J1FA101614&q={searchTerms} HKU\S-1-5-21-1482476501-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1419677326&from=smt&uid=SAMSUNGXSP1634N_1490J1FA101614&q={searchTerms} HKU\S-1-5-21-1482476501-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1419677326&from=smt&uid=SAMSUNGXSP1634N_1490J1FA101614&q={searchTerms} URLSearchHook: HKU\S-1-5-21-1482476501-1409082233-725345543-1003 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1419677326&from=smt&uid=SAMSUNGXSP1634N_1490J1FA101614 SearchScopes: HKU\S-1-5-21-1482476501-1409082233-725345543-1003 -> {FB9E195E-4F10-41C2-B20E-5AD5A93E47C8} URL = http://www.search.ask.com/web?tpid=SPC-SP&o=APN10951&pf=V7&p2=^B20^aaa166^YY^PL&gct=sb&itbv=12.16.2.1855&apn_uid=AB141755-E3F8-4E24-A95D-C83A4ADC6A85&apn_ptnrs=^B20&apn_dtid=^aaa166^YY^PL&apn_dbr=cr_37.0.2062.120&doi=2014-09-16&trgb=CR&q={searchTerms}&psv=&pt=tb Toolbar: HKU\S-1-5-21-1482476501-1409082233-725345543-1003 -> No Name - {5350432D-5350-006A-76A7-7A786E7484D7} - No File DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab S1 ISODrive; \??\D:\Karolina\Różne\UltraIso\UltraISO\drivers\ISODrive.sys [X] C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect C:\Documents and Settings\All Users\Menu Start\Programy\Acoolsoft C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Pro C:\Documents and Settings\All Users\Menu Start\Programy\Java C:\Documents and Settings\All Users\Menu Start\Programy\LizardTech C:\Documents and Settings\All Users\Menu Start\Programy\NapiProjekt C:\Documents and Settings\All Users\Menu Start\Programy\PDFCreator\Images2PDF.lnk C:\Documents and Settings\All Users\Menu Start\Programy\PDFCreator\Translation Tool.lnk C:\Documents and Settings\All Users\Menu Start\Programy\UltraISO C:\Documents and Settings\All Users\Menu Start\Programy\VideoLAN C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Pro.lnk C:\Documents and Settings\All Users\Pulpit\VLC media player.lnk C:\Documents and Settings\User\Dane aplikacji\AnyProtectEx C:\Documents and Settings\User\Dane aplikacji\mystartsearch C:\Documents and Settings\User\Dane aplikacji\omiga-plus C:\Documents and Settings\User\Dane aplikacji\wiaserva.log C:\Documents and Settings\User\Dane aplikacji\Microsoft\Office\Niedawny\*.LNK C:\Documents and Settings\User\Menu Start\Programy\FoxTab PDF Converter C:\Documents and Settings\User\Menu Start\Programy\Mobogenie C:\Documents and Settings\User\Menu Start\Programy\Start Lollipop C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\nsr1BD.tmp C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\nsx20C.tmp C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mobogenie C:\WINDOWS\jumpshot.com C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension CMD: attrib /d /s -r -s -h C:\FOUND.* CMD: for /d %f in (C:\FOUND.*) do rd /s /q "%f" Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. C:\WINDOWS\Tasks\APSnotifierPP1.job => Moved successfully. C:\WINDOWS\Tasks\APSnotifierPP2.job => Moved successfully. C:\WINDOWS\Tasks\APSnotifierPP3.job => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck => value deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1482476501-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-1482476501-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1482476501-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKU\S-1-5-21-1482476501-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB9E195E-4F10-41C2-B20E-5AD5A93E47C8}" => Key deleted successfully. HKCR\CLSID\{FB9E195E-4F10-41C2-B20E-5AD5A93E47C8} => Key not found. HKU\S-1-5-21-1482476501-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5350432D-5350-006A-76A7-7A786E7484D7} => value deleted successfully. HKCR\CLSID\{5350432D-5350-006A-76A7-7A786E7484D7} => Key not found. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}" => Key deleted successfully. HKCR\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} => Key not found. ISODrive => Service deleted successfully. C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Acoolsoft => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Pro => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\Java => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\LizardTech => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\NapiProjekt => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\PDFCreator\Images2PDF.lnk => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\PDFCreator\Translation Tool.lnk => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\UltraISO => Moved successfully. C:\Documents and Settings\All Users\Menu Start\Programy\VideoLAN => Moved successfully. C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Pro.lnk => Moved successfully. C:\Documents and Settings\All Users\Pulpit\VLC media player.lnk => Moved successfully. C:\Documents and Settings\User\Dane aplikacji\AnyProtectEx => Moved successfully. C:\Documents and Settings\User\Dane aplikacji\mystartsearch => Moved successfully. C:\Documents and Settings\User\Dane aplikacji\omiga-plus => Moved successfully. C:\Documents and Settings\User\Dane aplikacji\wiaserva.log => Moved successfully. C:\Documents and Settings\User\Dane aplikacji\Microsoft\Office\Niedawny\*.LNK => Moved successfully. C:\Documents and Settings\User\Menu Start\Programy\FoxTab PDF Converter => Moved successfully. C:\Documents and Settings\User\Menu Start\Programy\Mobogenie => Moved successfully. C:\Documents and Settings\User\Menu Start\Programy\Start Lollipop => Moved successfully. C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\nsr1BD.tmp => Moved successfully. C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\nsx20C.tmp => Moved successfully. C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Mobogenie => Moved successfully. C:\WINDOWS\jumpshot.com => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ========= attrib /d /s -r -s -h C:\FOUND.* ========= ========= End of CMD: ========= ========= for /d %f in (C:\FOUND.*) do rd /s /q "%f" ========= ========= End of CMD: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 19:01:13 ====