Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014 Ran by Master at 2014-09-05 17:00:32 Run:1 Running from C:\Users\Master\Desktop\Nowy folder (2) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** S2 CouponDownloaderService64; C:\Program Files (x86)\C78087A8-C960-4464-A618-3D351DF6C0D7\eexvlcbkbu64.exe [X] S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X] S2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=C78087A8-C960-4464-A618-3D351DF6C0D7 [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1408617927&from=cor&uid=ST500DM002-1BD142_W2AJNZ2CXXXXW2AJNZ2C&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1408617927&from=cor&uid=ST500DM002-1BD142_W2AJNZ2CXXXXW2AJNZ2C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1408617927&from=cor&uid=ST500DM002-1BD142_W2AJNZ2CXXXXW2AJNZ2C&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1408617927&from=cor&uid=ST500DM002-1BD142_W2AJNZ2CXXXXW2AJNZ2C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1408617927&from=cor&uid=ST500DM002-1BD142_W2AJNZ2CXXXXW2AJNZ2C&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1408617927&from=cor&uid=ST500DM002-1BD142_W2AJNZ2CXXXXW2AJNZ2C&q={searchTerms} FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml FF Extension: CouponDownloader - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\94ii8hi3.default\Extensions\j004-efxyrmbzyotmaw@jetpack.xpi [2014-07-28] FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-12-03] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk C:\Program Files\004 C:\Program Files\CouponDownloader C:\Program Files\C78087A8-C960-4464-A618-3D351DF6C0D7 C:\Program Files (x86)\C78087A8-C960-4464-A618-3D351DF6C0D7 C:\Program Files (x86)\Optimizer Pro C:\Program Files (x86)\SiteLookup C:\ProgramData\374311380 C:\ProgramData\IePluginServices C:\ProgramData\WindowsMangerProtect C:\Users\Master\AppData\Roaming\SimilarAddon Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete "HKU\S-1-5-21-194267556-1109700488-698747584-1000\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** CouponDownloaderService64 => Service deleted successfully. IePluginServices => Service deleted successfully. rqpbhevlkc64 => Service deleted successfully. gdrv => Service deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml => Moved successfully. C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\94ii8hi3.default\Extensions\j004-efxyrmbzyotmaw@jetpack.xpi => Moved successfully. C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk => Moved successfully. C:\Program Files\004 => Moved successfully. C:\Program Files\CouponDownloader => Moved successfully. C:\Program Files\C78087A8-C960-4464-A618-3D351DF6C0D7 => Moved successfully. C:\Program Files (x86)\C78087A8-C960-4464-A618-3D351DF6C0D7 => Moved successfully. C:\Program Files (x86)\Optimizer Pro => Moved successfully. C:\Program Files (x86)\SiteLookup => Moved successfully. C:\ProgramData\374311380 => Moved successfully. C:\ProgramData\IePluginServices => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\Master\AppData\Roaming\SimilarAddon => Moved successfully. ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-21-194267556-1109700488-698747584-1000\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 3.8 GB temporary data. The system needed a reboot. ==== End of Fixlog ====