Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by castletone77 at 2015-01-09 15:35:09 Run:1
Running from M:\frst64
Loaded Profile: castletone77 (Available profiles: castletone77)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {0D9DDEBB-6FDD-433F-807D-B3EC386C19F5} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WBrowserUpdater.exe <==== ATTENTION
Task: {2540D1CA-2136-4308-9CC1-13F8AB8D875B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-09] (globalUpdate) <==== ATTENTION
Task: {294AEA74-828A-4CEA-83C7-15DE38B0BFC2} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {513608D1-0E24-41D5-BE5A-4EE747635C61} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-09] (globalUpdate) <==== ATTENTION
Task: {58252B15-7603-4494-B734-DF0261ADDD66} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WBrowserProtect.exe <==== ATTENTION
Task: {67131C2C-42FD-4D52-83A3-9D70CFFCDD6D} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-30] () <==== ATTENTION
Task: {C8EF4B1D-E319-415B-961B-685BFB0F0B6C} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
Task: {F88BB178-2540-482D-9D0F-076F1CC4BCE9} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrowserProductivity.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-09] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-09] (globalUpdate) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7138664 2014-12-02] (Reimage®)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKU\S-1-5-21-519654634-1475891941-3348864904-1001\...\MountPoints2: {5c68d2c1-77b0-11e4-beb0-24fd520a19c6} - "F:\startme.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
ProxyServer: [S-1-5-21-519654634-1475891941-3348864904-1001] => http=127.0.0.1:49213;https=127.0.0.1:49213
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=77302&st=bs&tid=18145&ver=5.7&ts=1402332997371&tguid=77302-18145-1402332997371-5A3E37E2F579CA2A7539B514A7BD4910&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=77302&st=bs&tid=18145&ver=5.7&ts=1402332997371&tguid=77302-18145-1402332997371-5A3E37E2F579CA2A7539B514A7BD4910&q={searchTerms}
SearchScopes: HKU\S-1-5-21-519654634-1475891941-3348864904-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={1A924997-05DF-47E1-AA2E-1BC82D281FDD}&mid=87d5f506263547d29d3cf5b414eef035-39c2a54a361bd2b42d6085b5a4a07f1b218e2356&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-30 18:12:30&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-519654634-1475891941-3348864904-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={1A924997-05DF-47E1-AA2E-1BC82D281FDD}&mid=87d5f506263547d29d3cf5b414eef035-39c2a54a361bd2b42d6085b5a4a07f1b218e2356&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-30 18:12:30&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-519654634-1475891941-3348864904-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=77302&st=bs&tid=18145&ver=5.7&ts=1402332997371&tguid=77302-18145-1402332997371-5A3E37E2F579CA2A7539B514A7BD4910&q={searchTerms}
SearchScopes: HKU\S-1-5-21-519654634-1475891941-3348864904-1001 -> {BC181B8C-7994-480D-B470-892A53D11639} URL =
Toolbar: HKU\S-1-5-21-519654634-1475891941-3348864904-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
C:\rei
C:\Program Files\Reimage
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\HomeTab
C:\ProgramData\Reimage Protector
C:\Users\castletone77\AppData\Local\pcc.exe
C:\Users\castletone77\AppData\Local\Microsoft\Windows\INETCache\Content.IE5\FK669RJ3
C:\Windows\Reimage.ini
C:\Windows\System32\Tasks\Browser Updater
C:\Windows\System32\Tasks\ProtectedSearch
C:\Windows\System32\Tasks\SystemSockets
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v mcui_exe /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D9DDEBB-6FDD-433F-807D-B3EC386C19F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9DDEBB-6FDD-433F-807D-B3EC386C19F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Browser Updater\Browser Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2540D1CA-2136-4308-9CC1-13F8AB8D875B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2540D1CA-2136-4308-9CC1-13F8AB8D875B}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{294AEA74-828A-4CEA-83C7-15DE38B0BFC2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{294AEA74-828A-4CEA-83C7-15DE38B0BFC2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{513608D1-0E24-41D5-BE5A-4EE747635C61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{513608D1-0E24-41D5-BE5A-4EE747635C61}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58252B15-7603-4494-B734-DF0261ADDD66}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58252B15-7603-4494-B734-DF0261ADDD66}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67131C2C-42FD-4D52-83A3-9D70CFFCDD6D} => Key not found.
C:\Windows\System32\Tasks\Reimage Reminder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8EF4B1D-E319-415B-961B-685BFB0F0B6C} => Key not found.
C:\Windows\System32\Tasks\ReimageUpdater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F88BB178-2540-482D-9D0F-076F1CC4BCE9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F88BB178-2540-482D-9D0F-076F1CC4BCE9}" => Key deleted successfully.
C:\Windows\System32\Tasks\SystemSockets\SystemSockets => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets\SystemSockets" => Key deleted successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
ReimageRealTimeProtector => Service not found.
esgiguard => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
"HKU\S-1-5-21-519654634-1475891941-3348864904-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c68d2c1-77b0-11e4-beb0-24fd520a19c6}" => Key deleted successfully.
HKCR\CLSID\{5c68d2c1-77b0-11e4-beb0-24fd520a19c6} => Key not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
HKU\S-1-5-21-519654634-1475891941-3348864904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKU\S-1-5-21-519654634-1475891941-3348864904-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-519654634-1475891941-3348864904-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKU\S-1-5-21-519654634-1475891941-3348864904-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\S-1-5-21-519654634-1475891941-3348864904-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC181B8C-7994-480D-B470-892A53D11639}" => Key deleted successfully.
HKCR\CLSID\{BC181B8C-7994-480D-B470-892A53D11639} => Key not found.
HKU\S-1-5-21-519654634-1475891941-3348864904-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
"C:\rei" => File/Directory not found.
"C:\Program Files\Reimage" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\HomeTab" => File/Directory not found.
"C:\ProgramData\Reimage Protector" => File/Directory not found.
C:\Users\castletone77\AppData\Local\pcc.exe => Moved successfully.
C:\Users\castletone77\AppData\Local\Microsoft\Windows\INETCache\Content.IE5\FK669RJ3 => Moved successfully.
C:\Windows\Reimage.ini => Moved successfully.
C:\Windows\System32\Tasks\Browser Updater => Moved successfully.
C:\Windows\System32\Tasks\ProtectedSearch => Moved successfully.
C:\Windows\System32\Tasks\SystemSockets => Moved successfully.

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v mcui_exe /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 502.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:36:59 ====