Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2015
Ran by User at 2015-04-14 13:47:54 Run:1
Running from C:\Documents and Settings\User\Desktop\frst
Loaded Profiles: User (Available profiles: User & Ania i Grześ)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:CreateRestorePoint:R2 Update Greener Web; C:\Program Files\Greener Web\updateGreenerWeb.exe [318752 2014-06-29] ()R2 Util Greener Web; C:\Program Files\Greener Web\bin\utilGreenerWeb.exe [318752 2014-06-29] ()S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]S4 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2014-12-26] (Fuyu LIMITED) [File not signed]Task: C:\WINDOWS\Tasks\64e02fd5-38d4-4796-99b5-94f9ce61e8e9-1.job => C:\Program Files\SavePass\SavePass-codedownloader.exeE/lVhSU /rcbYrfph=task /ZpBCgxxtc='SavePass' /opKZNk=57050 /CjftjJ='001504' /JlFutVD='0' /xsGyTcGOL='0' /uEdfKzwvS=3C1D0284B59B46099EBF9B6E9B4DB9F7IE /TRIdwDGm=2a6fa4d6fca1f2f51cc66965dd418d08 /vxIZPlGJu=1_34_06_10 /vHvQAs=1.34.6.10 /nkaOBMRBi=1403270371 /YSZaXHc=http:/stats.datagenserv.com /hSYjiK=http:/errors.datagenserv.com /jpelGLu=http:/js.datagenserv.com /tQQrCEVl=opera /VLUYScLFK=http:/js.clientdemocloud.com /JKizC /bOpFcHBjn='{asw:[2, 12582980, 0]}' /JGGFP='http:/update.datagenserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTIONTask: C:\WINDOWS\Tasks\64e02fd5-38d4-4796-99b5-94f9ce61e8e9-4.job => C:\Program Files\SavePass\64e02fd5-38d4-4796-99b5-94f9ce61e8e9-4.exeq/yiYpEh /ZpBCgxxtc='SavePass' /fekQtsK C:\Program Files\SavePass\57050.xpi' /opKZNk=57050 /CjftjJ='001504' /JlFutVD='0' /xsGyTcGOL='0' /uEdfKzwvS=3C1D0284B59B46099EBF9B6E9B4DB9F7IE /TRIdwDGm=2a6fa4d6fca1f2f51cc66965dd418d08 /vxIZPlGJu=1_34_06_10 /vHvQAs=1.34.6.10 /nkaOBMRBi=1403270371 /YSZaXHc=http:/stats.datagenserv.com /hSYjiK=http:/errors.datagenserv.com /jTZPGdj=300 /iHOqOSqX=587fea1b-1c76-43c0-8b29-3c3da78e2485@2309207e-4ba6-42d8-b8a2-3b0a22e052b5.com /CIoZrUwqh=0.94 /rWNAvk=a587fea1b1c7643c08b293c3da78e24852309207e4ba642d8b8a23b0a22e052b5com57050 /DSfhfiuz=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/57050.rdf /cIstfpesq='SavePass' /xpLdKr='Just Save!' /kRdSKzd='OutBrowse' /tQQrCEVl=opera /bOpFcHBjn='{asw:[2, 12582980, 0]}' /JKizC /SaWjDhp /eyWjDj /JGGFP='http:/update.datagenserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTIONTask: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\bench-Updater removing.job => XN EG /verysilent SYSTEM This will uninstall Updater <==== ATTENTIONTask: C:\WINDOWS\Tasks\ffc1b485-31d9-46a5-a2fb-3de6a491d187-1.job => C:\Program Files\HQ-V1.4\HQ-V1.4-codedownloader.exe>/lVhSU /rcbYrfph=task /ZpBCgxxtc='HQ-V1.4' /opKZNk=58362 /CjftjJ='001553' /JlFutVD='0' /xsGyTcGOL='0' /uEdfKzwvS=9D5BD2C10EC341E3ADB65532CC207B80IE /TRIdwDGm=1c54ce95e4bfb8cc49a64f36322e09ee /vxIZPlGJu=1_34_06_10 /vHvQAs=1.34.6.10 /nkaOBMRBi=1403270331 /YSZaXHc=http:/stats.datagenserv.com /hSYjiK=http:/errors.datagenserv.com /jpelGLu=http:/js.datagenserv.com /tQQrCEVl=opera /VLUYScLFK=http:/js.clientdemocloud.com /JKizC /bOpFcHBjn='{asw:[2, 68, 0]}' /JGGFP='http:/update.datagenserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTIONTask: C:\WINDOWS\Tasks\ffc1b485-31d9-46a5-a2fb-3de6a491d187-4.job => C:\Program Files\HQ-V1.4\ffc1b485-31d9-46a5-a2fb-3de6a491d187-4.exeŚ/yiYpEh /ZpBCgxxtc='HQ-V1.4' /fekQtsK C:\Program Files\HQ-V1.4\58362.xpi' /opKZNk=58362 /CjftjJ='001553' /JlFutVD='0' /xsGyTcGOL='0' /uEdfKzwvS=9D5BD2C10EC341E3ADB65532CC207B80IE /TRIdwDGm=1c54ce95e4bfb8cc49a64f36322e09ee /vxIZPlGJu=1_34_06_10 /vHvQAs=1.34.6.10 /nkaOBMRBi=1403270331 /YSZaXHc=http:/stats.datagenserv.com /hSYjiK=http:/errors.datagenserv.com /jTZPGdj=300 /iHOqOSqX=508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com /CIoZrUwqh=0.94 /rWNAvk=a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362 /DSfhfiuz=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/58362.rdf /cIstfpesq='HQ-V1.4' /xpLdKr='Turn YouTube videos to High Definition by default' /kRdSKzd='HQV1.4' /tQQrCEVl=opera /bOpFcHBjn='{asw:[2, 68, 0]}' /JKizC /SaWjDhp /eyWjDj /JGGFP='http:/update.datagenserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTIONTask: C:\WINDOWS\Tasks\fun4us_notification_service.job => C:\Documents and Settings\User\Local Settings\Application Data\fun4us\fun4us_notification_service.exeâ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='fun4us' /appid='73143' /srcid='2913' /bic='c3e994a2586ba8d7cc5eb266dcb010a6' /verifier='53dccb8e06c7bee9385adaae092f10fb' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gifTask: C:\WINDOWS\Tasks\fun4us_updating_service.job => C:\Documents and Settings\User\Local Settings\Application Data\fun4us\fun4us_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=fun4us_updating_service /funurl=http:/stats.buildomserv.comHKLM\...\Run: [fst_pl_145] => [X]HKLM\...\Run: [upfst_pl_145.exe] => C:\Documents and Settings\User\Local Settings\Application Data\fst_pl_145\upfst_pl_145.exe -runhelperHKU\S-1-5-21-527237240-706699826-725345543-1003\...\MountPoints2: {90ed4f3f-8623-11e4-b085-001c231eb7f9} - E:\Startme.exeGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONShortcutWithArgument: C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NXShortcutWithArgument: C:\Documents and Settings\User\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NXShortcutWithArgument: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NXHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NXHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1403270212&from=obw&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NX&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NXHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1403270212&from=obw&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NX&q={searchTerms}HKU\S-1-5-21-527237240-706699826-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-527237240-706699826-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NXSearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NX&q={searchTerms}SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NX&q={searchTerms}SearchScopes: HKU\S-1-5-21-527237240-706699826-725345543-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419843648&from=wpm12262&uid=HitachiXHTS541680J9SA00_SB22DBKGEB7B4NEB7B4NX&q={searchTerms}BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No FileFF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No FileFF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No FileFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml [2014-12-29]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\w4ibkb2u.default\extensions\detgdp@gmail.comCHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]C:\Documents and Settings\All Users\Application Data\WindowsMangerProtectC:\Documents and Settings\User\Application Data\ColorTableC:\Documents and Settings\User\Application Data\i7OPoKuArNBTC:\Documents and Settings\User\Application Data\lTW1Bf6xfjnCC:\Documents and Settings\User\Local Settings\Application Data\fun4usC:\Documents and Settings\User\Local Settings\Application Data\Google\ChromeC:\Program Files\Greener WebC:\Program Files\WinZipperC:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionC:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7Folder: C:\Program Files\Mozilla FirefoxReg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /fReg: reg delete HKCU\Software\Google\Chrome /fReg: reg delete HKLM\SOFTWARE\Google\Chrome /fReg: reg delete HKLM\SOFTWARE\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1 /fEmptyTemp:
*****************

Processes closed successfully.


The system needed a reboot. 

==== End of Fixlog 13:47:54 ====