Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014 Ran by Andrzej at 2014-02-08 13:19:51 Run:1 Running from C:\Users\Andrzej\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {0A0E5E9D-9DB5-49F8-AF00-E1A65FFEDAFA} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-01] (SaveSense) Task: {3E73306B-DAC0-4397-B59B-5B1008C339E1} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-01] (SaveSense) Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3&q={searchTerms} BHO-x32: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Andrzej\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\sweet-page.xml FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.sweet-page.com/?type=sc&ts=1391286806&from=cor&uid=ST1000DM003-1CH162_T1DFYYN3XXXXT1DFYYN3 FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22] CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2012-11-22] S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-01] (SaveSense) S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-01] (SaveSense) R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [103200 2014-01-30] () R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [103200 2014-01-30] () S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] C:\Users\Andrzej\AppData\Local\SaveSense C:\Program Files (x86)\SaveSenseLive C:\Users\Andrzej\AppData\Roaming\SaveSense C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore C:\Users\Andrzej\AppData\Local\SaveSenseLive C:\ProgramData\SaveSenseLive C:\Program Files (x86)\RightSurf C:\Users\Andrzej\AppData\Roaming\newnext.me C:\Users\Andrzej\AppData\Local\Mobogenie C:\Users\Andrzej\AppData\Local\cache C:\Users\Andrzej\AppData\Local\genienext C:\Users\Andrzej\.android C:\Users\Andrzej\daemonprocess.txt ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A0E5E9D-9DB5-49F8-AF00-E1A65FFEDAFA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A0E5E9D-9DB5-49F8-AF00-E1A65FFEDAFA} => Key deleted successfully. C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineUA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E73306B-DAC0-4397-B59B-5B1008C339E1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E73306B-DAC0-4397-B59B-5B1008C339E1} => Key deleted successfully. C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSenseLiveUpdateTaskMachineCore => Key deleted successfully. C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99} => Key deleted successfully. HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully. HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found. C:\Program Files (x86)\mozilla firefox\searchplugins\sweet-page.xml => Moved successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3 => Key deleted successfully. C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll => Moved successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9 => Key deleted successfully. C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully. C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully. C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully. C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn => Key deleted successfully. "C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx" => File/Directory not found. savesenselive => Service deleted successfully. savesenselivem => Service deleted successfully. Update RightSurf => Service deleted successfully. Util RightSurf => Service deleted successfully. DgiVecp => Service deleted successfully. MSICDSetup => Service deleted successfully. NTIOLib_1_0_C => Service deleted successfully. C:\Users\Andrzej\AppData\Local\SaveSense => Moved successfully. C:\Program Files (x86)\SaveSenseLive => Moved successfully. C:\Users\Andrzej\AppData\Roaming\SaveSense => Moved successfully. "C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA" => File/Directory not found. "C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore" => File/Directory not found. C:\Users\Andrzej\AppData\Local\SaveSenseLive => Moved successfully. C:\ProgramData\SaveSenseLive => Moved successfully. C:\Program Files (x86)\RightSurf => Moved successfully. C:\Users\Andrzej\AppData\Roaming\newnext.me => Moved successfully. C:\Users\Andrzej\AppData\Local\Mobogenie => Moved successfully. C:\Users\Andrzej\AppData\Local\cache => Moved successfully. C:\Users\Andrzej\AppData\Local\genienext => Moved successfully. C:\Users\Andrzej\.android => Moved successfully. C:\Users\Andrzej\daemonprocess.txt => Moved successfully. The system needs a manual reboot. ==== End of Fixlog ====