Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014 01
Ran by Pozioma at 2014-09-29 22:24:20 Run:1
Running from D:\LOGI\FRST
Loaded Profile: Pozioma (Available profiles: Pozioma)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-774380394-1341737781-3001330708-1000\...\Policies\Explorer: [Run] "C:\Users\Pozioma\AppData\Roaming\Microsoft\Windows\IEUpdate\netbtugc.exe"
ShellIconOverlayIdentifiers: 1SecureIconsProvider -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
C:\ProgramData\Microsoft\Secure
C:\ProgramData\Windows Genuine Advantage
C:\Users\Pozioma\AppData\Local\YtjcPack
C:\Users\Pozioma\AppData\Roaming\Qoviys
C:\Users\Pozioma\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Pozioma\Downloads\iexplorer.exe.exe
C:\Users\Pozioma\Downloads\SpyHunter-installer.exe
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
C:\Windows\system32\Drivers\TrueSight.sys
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: type C:\Users\Pozioma\AppData\Roaming\Mozilla\Firefox\Profiles\pfijyol4.default\Extensions\{99E3C1FC-AEB7-077F-6DEF-7629C05B0AA5}\install.rdf
CMD: type C:\Users\Pozioma\AppData\Roaming\Mozilla\Firefox\Profiles\pfijyol4.default\searchplugins\avira-safesearch.xml
CMD: type C:\Users\Pozioma\AppData\Roaming\Mozilla\Firefox\Profiles\pfijyol4.default\searchplugins\search.xml
EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-774380394-1341737781-3001330708-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
Default URLSearchHook was restored successfully .
EagleX64 => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.

"C:\ProgramData\Microsoft\Secure" directory move:

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp104C.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3AA5.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp435B.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4C33.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp4CC8.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5282.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7ACD.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7B5B.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8395.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8B34.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9194.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9194.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpBB0D.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpBF6C.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC506.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD829.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD829.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpE3E3.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpE3E3.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEDD7.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF382.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF5B.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF905.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{08F5755F-C258-FD56-CF94-5B8EBB915F1D} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{161C1722-F2C1-573C-08F4-A21E133DC84C} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{25EDABD7-CA95-3480-3A26-D51D59E46751} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{3B8DC38E-9F6F-AD20-419D-BBFC98A51C67} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{AD3D9FB8-CC55-2511-C4BA-D35D1DE74048} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure" directory. => Scheduled to move on reboot.

C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\Pozioma\AppData\Local\YtjcPack => Moved successfully.
C:\Users\Pozioma\AppData\Roaming\Qoviys => Moved successfully.
C:\Users\Pozioma\AppData\Roaming\Microsoft\Windows\IEUpdate => Moved successfully.
C:\Users\Pozioma\Downloads\iexplorer.exe.exe => Moved successfully.
C:\Users\Pozioma\Downloads\SpyHunter-installer.exe => Moved successfully.
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP => Moved successfully.
C:\Windows\system32\Drivers\TrueSight.sys => Moved successfully.

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukoäczona pomy˜lnie.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukoäczona pomy˜lnie.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukoäczona pomy˜lnie.



========= End of Reg: =========


=========  type C:\Users\Pozioma\AppData\Roaming\Mozilla\Firefox\Profiles\pfijyol4.default\Extensions\{99E3C1FC-AEB7-077F-6DEF-7629C05B0AA5}\install.rdf =========

<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
	xmlns:em="http://www.mozilla.org/2004/em-rdf#">
	<Description about="urn:mozilla:install-manifest">
		<em:id>{99E3C1FC-AEB7-077F-6DEF-7629C05B0AA5}</em:id>
		<em:name>DynamicRenderer Class</em:name>
		<em:version>6.0.2</em:version>
		<em:description>Extension.</em:description>
		<em:creator>DynamicRenderer Class</em:creator>
		<em:targetApplication>
			<Description>
				<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
				<em:minVersion>3.6</em:minVersion>
				<em:maxVersion>*</em:maxVersion>
			</Description>
		</em:targetApplication>
	</Description>
</RDF>
========= End of CMD: =========


=========  type C:\Users\Pozioma\AppData\Roaming\Mozilla\Firefox\Profiles\pfijyol4.default\searchplugins\avira-safesearch.xml =========

<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
<os:ShortName>Avira SafeSearch</os:ShortName>
<os:Image width="16" height="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAARCAYAAAA7bUf6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAU5JREFUeNpi/P//P8NtfvEABgYGAwbSwQXVjy83MN7iEwMZsJ6BfBDIRKYLkIEBEwMVAFZDmPj5GcSnT2JQvHKWAehnBuXHtxmkli1k4LSxIs4Qdl0doOYzDHxR4Qy/Hz5ieNfRw/D70WMGbm8PBpmt67EaxIIuILV8IZh+4h3I8P3IMYgiOVkGdh1thk/LVsLFcBrCFx3BwCIrw/A8OgGuGOQtkKtABrzMzCPsHZBT/336xPBly3YUA75u3YHTAAxDWIHOBvkf2QCw4bZW4LCCBTqPjyduQ35evgr2u9zRfWADXmblMzyycQbLyWxbDzZAAmi4aEcLbkO+HzkKiSGgQSADPi1dATT4CtgrTHx8DPJAw0GuAsUazoAFhQUoQEGBCDIAWRwU2HxREUDX8DG8rqhFMQSUdxqAdD0FCbaRasn+AoVmXGCkRnkCEGAA43qCEIb/o+YAAAAASUVORK5CYII=</os:Image>
<os:Url type="text/html" method="GET" template="http://search.avira.com/web?o=AVI1&amp;avst=bar&amp;q={searchTerms}">
</os:Url>
</SearchPlugin>
========= End of CMD: =========


=========  type C:\Users\Pozioma\AppData\Roaming\Mozilla\Firefox\Profiles\pfijyol4.default\searchplugins\search.xml =========

<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
<ShortName>search</ShortName>
<Description>Search for the best price.</Description>
<InputEncoding>windows-1251</InputEncoding>
<Image width="16" height="16">data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAaRJREFUeNpiVIg5JRURw0A0YAHio943kYV%2B%2Ff33%2BdvvX7%2F%2FMjEx8nKycrGzwKXOiPKzICvdeezLhCV3jp15%2Bfv%2FX0YGhv8MDDxMX2qKTIw0RK10eYD6QYqATvoPBkt3f5K0W9Ew4fjTFz%2F%2Bw8Dm3W8UPeZxqFa%2BevsFyD0twgfVsOfkRxHrtfV9u5BVQ8Crd98%2FffkGYQM1QJ20%2FfSPv79eNxQGYfpSVJADmcvEAHbr7oOX2dj%2FERNKIA2%2F%2F%2Fz%2FxfCDhYVoDUDw5P6vf9%2B5iY0HVmZGQWm%2BN3fff%2Fn2k4eLHS739x%2FDiRs%2Ff%2F%2F5x8HO%2FOHzN3djfqgNjIwMgc6qzLx%2Fpy47j2zY%2Feff06tXhOUucgxeun33AUZGpHh4%2Bvo7t8EyIJqz%2FhpasD59%2B5dNrqdnznZIsEL9ICXCsWuBCwvTv%2FymS5PWPP32ExEALz%2F%2BB5r848cPCJcRaMP9xaYQzofPPzfuvrnj0Jst%2B5%2F8%2Bc4sLPeDkYlRgJc93VPE18NIXkYUmJYQSQMZ%2FP3379uPH7%2F%2F%2FEETBzqJ0WqLGvFpe2LCC4AAAwAyjg7ENzDDWAAAAABJRU5ErkJggg%3D%3D</Image>
<Url type="text/html" method="GET" template="http://www.bing.com/search?">
  <Param name="q" value="{searchTerms}"/>
</Url>
</SearchPlugin>

========= End of CMD: =========

EmptyTemp: => Removed 825.7 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-29 22:25:52)<=

C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.
C:\ProgramData\Microsoft\Secure => Is moved successfully.

==== End of Fixlog ====