Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by Maciek at 2015-04-17 14:32:14 Run:1
Running from C:\Documents and Settings\Maciek\Pulpit\FRST
Loaded Profiles: Maciek (Available profiles: Maciek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Startup: C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\16B.tmp ()
Startup: C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\sign.bmp ()
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-16] (StdLib)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x5F000000
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\...\Policies\Explorer: []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420993831&from=cor&uid=SAMSUNGXHD252HJ_S17HJDWQA06107"
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dspp&ts=1420993831&from=cor&uid=SAMSUNGXHD252HJ_S17HJDWQA06107&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-789336058-1801674531-1003 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=CFF8E933-8E17-4C7D-8158-65C2CF33152E&apn_sauid=9AC4230A-F7C9-449D-BFE5-7BA08C1F44B2
SearchScopes: HKU\S-1-5-21-1229272821-789336058-1801674531-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1229272821-789336058-1801674531-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=CFF8E933-8E17-4C7D-8158-65C2CF33152E&apn_sauid=9AC4230A-F7C9-449D-BFE5-7BA08C1F44B2
SearchScopes: HKU\S-1-5-21-1229272821-789336058-1801674531-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKU\S-1-5-21-1229272821-789336058-1801674531-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Windows\GameExplorer\{7027C693-118E-487F-8C19-D2869A5E62CE}
C:\Documents and Settings\Maciek\daemonprocess.txt.id-7656544852_fudx@lycos.com
C:\Documents and Settings\Maciek\Dane aplikacji\Babylon
C:\Documents and Settings\Maciek\Dane aplikacji\sign.bmp
C:\Documents and Settings\Maciek\Dane aplikacji\Microsoft\Office\Niedawny\*.LNK
C:\Documents and Settings\Maciek\Moje dokumenty\Optimizer Pro
C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences
C:\Program Files\Enigma Software Group
C:\Program Files\Malwarebytes Anti-Malware
C:\Program Files\Mozilla Firefox\plugins
C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
C:\WINDOWS\System32\drivers\tStLibG.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files\Common Files"
CMD: dir /a "C:\Documents and Settings\All Users\Dane aplikacji"
CMD: dir /a "C:\Documents and Settings\Maciek\Dane aplikacji"
CMD: dir /a "C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji"
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\16B.tmp => Moved successfully.
C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\sign.bmp => Moved successfully.
tStLibG => Unable to stop service
tStLibG => Service deleted successfully.
esgiguard => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => value deleted successfully.
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully.
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1229272821-789336058-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1229272821-789336058-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
"HKU\S-1-5-21-1229272821-789336058-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-1229272821-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Windows\GameExplorer\{7027C693-118E-487F-8C19-D2869A5E62CE} => Moved successfully.
C:\Documents and Settings\Maciek\daemonprocess.txt.id-7656544852_fudx@lycos.com => Moved successfully.
C:\Documents and Settings\Maciek\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\Maciek\Dane aplikacji\sign.bmp => Moved successfully.
C:\Documents and Settings\Maciek\Dane aplikacji\Microsoft\Office\Niedawny\*.LNK => Moved successfully.
C:\Documents and Settings\Maciek\Moje dokumenty\Optimizer Pro => Moved successfully.
C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Preferences => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\Program Files\Malwarebytes Anti-Malware" => File/Directory not found.
C:\Program Files\Mozilla Firefox\plugins => Moved successfully.
C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully.
C:\WINDOWS\System32\drivers\tStLibG.sys => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie
========= End of Reg: =========

========= dir /a "C:\Program Files" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 287E-D7AC
Katalog: C:\Program Files
2015-04-17 14:32 .
2015-04-17 14:32 ..
2013-06-15 14:25 Adobe
2013-10-28 19:55 ahead
2014-01-18 13:49 Autodesk
2013-06-15 14:15 AVAST Software
2013-11-07 21:17 CodeMeter
2015-04-15 21:22 Common Files
2013-06-15 12:57 ComPlus Applications
2014-12-25 13:28 coolpro2
2013-06-15 13:37 Creative
2013-12-01 15:36 DAEMON Tools Lite
2013-07-09 16:01 Dream Match Tennis Pro
2015-04-07 13:18 Football Manager 2014
2013-09-17 13:04 Free mp3 Wma Converter
2013-09-17 12:24 Free WMA to MP3 Converter
2013-09-08 12:54 Google
2014-03-01 14:51 Heroes of Might and Magic III - Zlota Edycja
2014-02-28 18:29 HEROES3
2013-09-17 12:56 Illustrate
2014-03-05 19:55 InstallShield Installation Information
2013-06-15 13:18 Intel
2013-12-09 21:57 Internet Explorer
2013-12-04 17:50 Java
2014-04-16 18:57 K-Lite Codec Pack
2015-04-07 13:20 Lexmark 2300 Series
2014-07-30 17:53 LG Electronics
2014-11-24 10:44 McAfee Security Scan
2013-06-15 12:57 Messenger
2015-01-26 14:33 Microsoft Analysis Services
2013-06-15 13:00 microsoft frontpage
2015-01-26 14:39 Microsoft Office
2013-09-15 15:43 Microsoft Silverlight
2015-01-26 14:39 Microsoft SQL Server Compact Edition
2015-01-26 14:39 Microsoft Sync Framework
2015-01-26 14:39 Microsoft Synchronization Services
2015-01-26 14:35 Microsoft Visual Studio 8
2015-01-26 14:39 Microsoft.NET
2015-01-11 19:18 Mobogenie
2013-06-15 12:58 Movie Maker
2015-04-15 14:56 Mozilla Firefox
2015-04-06 20:05 Mozilla Maintenance Service
2015-01-26 14:40 MSBuild
2014-04-13 12:46 MSECache
2013-06-15 12:57 MSN Gaming Zone
2013-06-15 14:39 Nero
2013-06-15 12:58 NetMeeting
2015-04-08 18:51 Opera
2013-12-01 15:45 Optimizer Pro
2015-04-10 20:34 Origin
2014-06-21 20:50 Origin Games
2013-06-15 12:58 Outlook Express
2013-08-05 15:38 PhotoFiltre 7
2013-06-15 13:20 Realtek
2013-12-09 21:59 Reference Assemblies
2013-06-15 14:31 Samsung
2013-07-14 14:39 SamsungPrinterLiveUpdate
2013-06-15 14:31 SamsungPrinterLiveUpdateInstaller
2015-01-13 20:52 scilab-5.3.3
2014-09-20 21:35 SoftEther VPN Client
2013-06-15 13:04 Uninstall Information
2013-06-15 12:59 Usługi online
2013-07-12 18:17 VideoLAN
2013-06-19 10:04 VirtualDJ
2013-06-15 13:47 Winamp
2013-06-15 13:47 Winamp Detect
2013-11-18 10:45 Windows Media Player
2013-06-15 12:57 Windows NT
2013-06-15 12:59 WindowsUpdate
2013-06-15 14:18 WinRAR
2013-06-15 13:00 xerox
0 plik(ów) 0 bajtów
71 katalog(ów) 2 492 416 000 bajtów wolnych
========= End of CMD: =========

========= dir /a "C:\Program Files\Common Files" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 287E-D7AC
Katalog: C:\Program Files\Common Files
2015-04-15 21:22 .
2015-04-15 21:22 ..
2014-05-14 14:26 Adobe
2013-10-28 20:00 Ahead
2014-01-18 14:02 Autodesk Shared
2013-06-15 14:31 Common Desktop Agent
2015-01-26 14:39 DESIGNER
2014-06-21 22:02 EAInstaller
2014-06-21 14:57 InstallShield
2013-12-04 17:50 Java
2013-10-28 20:01 LightScribe
2014-01-18 13:56 Macrovision Shared
2015-01-26 14:49 Microsoft Shared
2013-06-15 12:58 MSSoap
2013-06-15 14:52 ODBC
2013-06-15 12:58 Services
2013-06-15 14:52 SpeechEngines
2014-01-06 18:39 SWF Studio
2013-06-15 14:35 System
2015-04-15 21:22 Wise Installation Wizard
0 plik(ów) 0 bajtów
20 katalog(ów) 2 492 411 904 bajtów wolnych
========= End of CMD: =========

========= dir /a "C:\Documents and Settings\All Users\Dane aplikacji" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 287E-D7AC
Katalog: C:\Documents and Settings\All Users\Dane aplikacji
2015-04-17 14:32 .
2015-04-17 14:32 ..
2013-06-18 16:38 Adobe
2013-06-15 14:42 Ahead
2013-12-04 17:52 APN
2013-06-16 16:03 Ask
2014-01-18 13:53 Autodesk
2013-06-15 14:15 AVAST Software
2013-07-12 18:07 Babylon
2013-12-01 15:37 DAEMON Tools Lite
2013-06-15 14:52 62 desktop.ini
2014-08-18 11:37 Electronic Arts
2014-01-18 12:59 FLEXnet
2013-06-26 21:18 GG
2013-10-28 20:02 LightScribe
2014-11-20 10:41 McAfee
2014-11-24 10:44 McAfee Security Scan
2015-01-26 14:39 Microsoft
2015-01-26 14:49 Microsoft Help
2013-06-15 13:43 Mozilla
2013-10-28 19:57 Nero
2015-04-11 19:35 Origin
2013-06-15 14:31 Samsung
2013-06-16 16:03 Sun
2013-12-01 15:44 TEMP
1 plik(ów) 62 bajtów
24 katalog(ów) 2 492 358 656 bajtów wolnych
========= End of CMD: =========

========= dir /a "C:\Documents and Settings\Maciek\Dane aplikacji" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 287E-D7AC
Katalog: C:\Documents and Settings\Maciek\Dane aplikacji
2015-04-17 14:32 .
2015-04-17 14:32 ..
2013-09-17 12:56 AccurateRip
2013-06-18 13:47 Adobe
2013-10-28 20:05 Ahead
2014-01-18 13:57 Autodesk
2013-12-01 15:37 DAEMON Tools Lite
2015-04-15 14:48 dBpoweramp
2013-06-15 14:52 62 desktop.ini
2015-03-23 22:02 GG
2015-04-07 13:17 Help
2013-06-15 13:04 Identities
2013-06-15 13:20 InstallShield
2013-09-23 13:00 Leadertech
2013-06-15 13:52 Macromedia
2013-12-01 18:46 Media Player Classic
2015-04-15 21:22 Microsoft
2013-06-15 13:43 Mozilla
2014-04-16 18:57 MPC-HC
2014-08-18 13:31 Need for Speed World
2015-03-22 18:49 Opera Software
2014-12-18 22:01 Origin
2013-09-17 12:20 PerformerSoft
2013-08-05 15:58 PhotoFiltre 7
2013-06-15 14:31 Samsung
2015-01-13 18:18 Scilab
2013-06-16 15:59 Sun
2015-02-24 20:28 vlc
2014-02-03 13:41 Winamp
2013-06-19 10:03 WinRAR
1 plik(ów) 62 bajtów
29 katalog(ów) 2 492 354 560 bajtów wolnych
========= End of CMD: =========

========= dir /a "C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji" =========
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 287E-D7AC
Katalog: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji
2015-04-07 13:17 .
2015-04-07 13:17 ..
2014-11-20 10:40 Adobe
2013-10-28 20:05 Ahead
2013-12-09 22:36 Autodesk
2013-12-09 22:43 Autodesk,_Inc
2013-12-01 15:35 cache
2013-12-01 16:00 Chromium
2014-04-06 19:22 46 592 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-28 21:40 DOSBox
2014-08-18 11:37 Electronic_Arts_Inc
2015-01-26 15:24 120 360 GDIPFONTCACHEV1.DAT
2015-03-23 21:47 GG
2013-09-08 12:54 Google
2013-12-09 22:37 Granta Design
2015-04-07 13:17 Help
2014-06-21 22:55 4 289 646 IconCache.db
2013-10-28 20:01 Identities
2014-09-20 21:42 Kryptotel_fz_llc
2013-12-05 15:38 Lollipop
2015-04-15 21:03 Microsoft
2015-01-26 14:33 Microsoft Help
2013-12-01 15:34 Mobogenie
2013-06-15 13:43 Mozilla
2015-03-22 18:50 Opera Software
2014-06-21 20:49 Origin
2013-12-01 15:46 Sports Interactive
2013-06-16 16:10 Sun
2013-12-19 12:03 WMTools Downloaded Files
3 plik(ów) 4 456 598 bajtów
26 katalog(ów) 2 492 354 560 bajtów wolnych
========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 14:32:27 ====