Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014 Ran by rzepek at 2014-05-23 08:03:06 Run:1 Running from C:\Users\rzepek\Contacts\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe () C:\Program Files\CouponDownloader\CouponDownloaderService.exe (iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe () C:\Program Files\004\rqpbhevlkc32.exe R2 CouponDownloaderService; c:\Program Files\CouponDownloader\CouponDownloaderService.exe [691200 2014-05-01] () R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED) R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176408 2010-09-27] (iWin Inc.) R2 rqpbhevlkc32; C:\Program Files\004\rqpbhevlkc32.exe [543232 2014-05-14] () R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-02-13] (NetFilterSDK.com) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath HKLM\...\Policies\Explorer: [NoCDBurning] 0 URLSearchHook: HKCU - (No Name) - {5c81f57f-3cf7-4785-b4ef-11ace31aec4f} - No File URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File URLSearchHook: HKCU - (No Name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {5D61CC5D-C7BF-454D-A732-892BE6AD7CE5} URL = http://startsear.ch/?aff=1&src=sp&cf=8efe0310-cffd-11e0-a58e-bdf56661fa09&q={searchTerms} SearchScopes: HKLM - {6E8A0749-83E2-41DC-A934-C9DF52471DA9} URL = http://startsear.ch/?aff=1&src=sp&cf=3d064c50-f466-11e1-852a-b389ef4b11d9&q={searchTerms} SearchScopes: HKCU - {5D61CC5D-C7BF-454D-A732-892BE6AD7CE5} URL = http://startsear.ch/?aff=1&src=sp&cf=8efe0310-cffd-11e0-a58e-bdf56661fa09&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://search.certified-toolbar.com?si=44393&st=bs&tid=3786&ver=2.9&ts=1367921146474&tguid=44393-3786-1367921146474-D41D8CD98F00B204E9800998ECF8427E&q={searchTerms} SearchScopes: HKCU - {6E8A0749-83E2-41DC-A934-C9DF52471DA9} URL = http://startsear.ch/?aff=1&src=sp&cf=3d064c50-f466-11e1-852a-b389ef4b11d9&q={searchTerms} SearchScopes: HKCU - {A03F5EC1-6ADF-4402-A53B-48B000E8E745} URL = http://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKCU - {CC154F9B-3B46-43D1-8940-7AD5C58574F8} URL = http://startsear.ch/?aff=1&src=sp&cf=75b12e80-80cb-11e1-b1c4-a341d39482d8&q={searchTerms} Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {5C81F57F-3CF7-4785-B4EF-11ACE31AEC4F} - No File Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File Toolbar: HKCU - No Name - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - No File CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Task: {6BAF7832-5EDA-4C1E-B5D0-6AFB80032C6E} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {A6ADDBBC-5ACA-42AD-983D-6CB758301948} - System32\Tasks\{A9A9E79A-BE2E-4F71-88F1-2AAAD671F94C} => Firefox.exe 
http://ui.skype.com/ui/0/5.5.0.114/pl/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent Task: {A89C0DBA-EE8F-4BF3-82FB-52D22646659E} - System32\Tasks\At1 => C:\Users\rzepek\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\At1.job => C:\Users\rzepek\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE AlternateDataStreams: C:\ProgramData\Temp:436DEE1E C:\Program Files\004 C:\Program Files\Coupon Downloader C:\Program Files\CouponDownloader C:\Program Files\iWin Games C:\ProgramData\IePluginServices C:\ProgramData\Spybot - Search & Destroy C:\Users\rzepek\AppData\Local\Temp*.html C:\Windows\System32\Tasks\Browser Updater C:\Windows\System32\Tasks\ProtectedSearch C:\Windows\System32\rp_rules.dat C:\Windows\System32\rp_stats.dat C:\Windows\system32\sqlite3.dll C:\Windows\System32\drivers\netfilter.sys C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" 
/f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: netsh advfirewall reset Reboot: ***************** [1992] C:\ProgramData\IePluginServices\PluginService.exe => Process closed successfully. [3024] C:\Program Files\CouponDownloader\CouponDownloaderService.exe => Process closed successfully. [3204] C:\Program Files\iWin Games\iWinTrusted.exe => Process closed successfully. [3564] C:\Program Files\004\rqpbhevlkc32.exe => Process closed successfully. CouponDownloaderService => Service deleted successfully. IePluginServices => Service deleted successfully. iWinTrusted => Service deleted successfully. rqpbhevlkc32 => Service deleted successfully. netfilter => Unable to stop service netfilter => Service deleted successfully. esgiguard => Service deleted successfully. Winsock - Google Desktop Search Backup Before First Install => Service deleted successfully. Winsock - Google Desktop Search Backup Before Last Install => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f} => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ce0c2586-da36-452b-acdb-320d9bcb19bf} => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D61CC5D-C7BF-454D-A732-892BE6AD7CE5} => Key deleted successfully. 
HKCR\Wow6432Node\CLSID\{5D61CC5D-C7BF-454D-A732-892BE6AD7CE5} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E8A0749-83E2-41DC-A934-C9DF52471DA9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{6E8A0749-83E2-41DC-A934-C9DF52471DA9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D61CC5D-C7BF-454D-A732-892BE6AD7CE5} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{5D61CC5D-C7BF-454D-A732-892BE6AD7CE5} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E8A0749-83E2-41DC-A934-C9DF52471DA9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{6E8A0749-83E2-41DC-A934-C9DF52471DA9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A03F5EC1-6ADF-4402-A53B-48B000E8E745} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{A03F5EC1-6ADF-4402-A53B-48B000E8E745} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC154F9B-3B46-43D1-8940-7AD5C58574F8} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{CC154F9B-3B46-43D1-8940-7AD5C58574F8} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5C81F57F-3CF7-4785-B4EF-11ACE31AEC4F} => Value deleted successfully. HKCR\CLSID\{5C81F57F-3CF7-4785-B4EF-11ACE31AEC4F} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully. HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found. 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF} => Value deleted successfully. HKCR\CLSID\{CE0C2586-DA36-452B-ACDB-320D9BCB19BF} => Key not found. HKCU\SOFTWARE\Policies\Google => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BAF7832-5EDA-4C1E-B5D0-6AFB80032C6E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BAF7832-5EDA-4C1E-B5D0-6AFB80032C6E} => Key deleted successfully. C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly) => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6ADDBBC-5ACA-42AD-983D-6CB758301948} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6ADDBBC-5ACA-42AD-983D-6CB758301948} => Key deleted successfully. C:\Windows\System32\Tasks\{A9A9E79A-BE2E-4F71-88F1-2AAAD671F94C} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A9A9E79A-BE2E-4F71-88F1-2AAAD671F94C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A89C0DBA-EE8F-4BF3-82FB-52D22646659E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A89C0DBA-EE8F-4BF3-82FB-52D22646659E} => Key deleted successfully. C:\Windows\System32\Tasks\At1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully. C:\Windows\Tasks\Ad-Aware Update (Weekly).job => Moved successfully. C:\Windows\Tasks\At1.job => Moved successfully. C:\ProgramData\Temp => ":436DEE1E" ADS removed successfully. 
C:\Program Files\004 => Moved successfully. C:\Program Files\Coupon Downloader => Moved successfully. C:\Program Files\CouponDownloader => Moved successfully. C:\Program Files\iWin Games => Moved successfully. C:\ProgramData\IePluginServices => Moved successfully. C:\ProgramData\Spybot - Search & Destroy => Moved successfully. C:\Users\rzepek\AppData\Local\Temp*.html => Moved successfully. C:\Windows\System32\Tasks\Browser Updater => Moved successfully. C:\Windows\System32\Tasks\ProtectedSearch => Moved successfully. C:\Windows\System32\rp_rules.dat => Moved successfully. C:\Windows\System32\rp_stats.dat => Moved successfully. C:\Windows\system32\sqlite3.dll => Moved successfully. C:\Windows\System32\drivers\netfilter.sys => Moved successfully. C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f ========= Operacja ukończona pomyślnie.
========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====