Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014 Ran by user at 2014-11-19 20:33:56 Run:1 Running from C:\Users\user\Desktop\XXX\FRST Loaded Profile: user (Available profiles: user) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\PROGRA~3\INTERE~1\INTERE~2.DLL File Not Found Task: {8D4726ED-30CA-4BF3-8B96-9DD9A3BDD55C} - System32\Tasks\Update Service YourFileDownloader => C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-10-29] (Cherished Technololgy LIMITED) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [488960 2014-10-29] (Fuyu LIMITED) [File not signed] S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1414602882&from=cor&uid=ST1000LM014-1EJ164_W380DWM2XXXXW380DWM2&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1414602882&from=cor&uid=ST1000LM014-1EJ164_W380DWM2XXXXW380DWM2&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1414602882&from=cor&uid=ST1000LM014-1EJ164_W380DWM2XXXXW380DWM2&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1414602882&from=cor&uid=ST1000LM014-1EJ164_W380DWM2XXXXW380DWM2&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1414602882&from=cor&uid=ST1000LM014-1EJ164_W380DWM2XXXXW380DWM2 SearchScopes: HKU\S-1-5-21-271407444-1818116929-1288510630-1002 -> {6B1865F2-14B8-4B97-8656-F7533F8989CE} URL = CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414602882&from=cor&uid=ST1000LM014-1EJ164_W380DWM2XXXXW380DWM2 CHR StartupUrls: Default -> "hxxp://1337.dev1/" CHR DefaultSearchKeyword: Default -> sweet-page C:\ProgramData\374311380 C:\ProgramData\IePluginServices C:\ProgramData\Interenet Optimizer C:\ProgramData\WindowsMangerProtect C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect /f Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s Folder: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions CMD: type "C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Preferences" EmptyTemp: ***************** Processes closed successfully. "C:\PROGRA~3\INTERE~1\INTERE~2.DLL" => Value Data removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D4726ED-30CA-4BF3-8B96-9DD9A3BDD55C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D4726ED-30CA-4BF3-8B96-9DD9A3BDD55C}" => Key deleted successfully. C:\Windows\System32\Tasks\Update Service YourFileDownloader => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader" => Key deleted successfully. IePluginServices => Service deleted successfully. WindowsMangerProtect => Service not found. EagleX64 => Service deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => Key deleted successfully. "HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => Key deleted successfully. "HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => Key deleted successfully. "HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => Key deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => Key deleted successfully. "HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => Key deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKU\S-1-5-21-271407444-1818116929-1288510630-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B1865F2-14B8-4B97-8656-F7533F8989CE}" => Key deleted successfully. "HKCR\CLSID\{6B1865F2-14B8-4B97-8656-F7533F8989CE}" => Key not found. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. C:\ProgramData\374311380 => Moved successfully. C:\ProgramData\IePluginServices => Moved successfully. "C:\ProgramData\Interenet Optimizer" => File/Directory not found. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully. C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* => Moved successfully. ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command (Default) REG_SZ "D:\Program Files\Opera\Launcher.exe" ========= End of Reg: ========= ========================= Folder: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions ======================== Directory Not Found ========= type "C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Preferences" ========= ========= End of CMD: ========= EmptyTemp: => Removed 1.3 GB temporary data. The system needed a reboot. ==== End of Fixlog ====