Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mateusz at 2015-03-19 07:38:04 Run:1
Running from C:\Users\Mateusz\Downloads
Loaded Profiles: Mateusz (Available profiles: Mateusz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {4D317395-FBFA-485F-9C01-71FA3BA19244} - \SMupdate1 No Task File <==== ATTENTION
Task: {9F750A06-160F-4AD4-9167-1DFBAAB38483} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BF0B6628-821B-4357-B2B5-3EA0C214973C} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 V2iMount; No ImagePath
S3 VBoxDrv; \??\C:\Program Files\Oracle\VirtualBox\VBoxDrv.sys [X]
HKLM-x32\...\Run: [fst_pl_128] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\...\MountPoints2: {7b331285-e5b6-11e3-9e85-de6b8c8e8418} - F:\SETUP.EXE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1224429344-3065566498-1723742715-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1405035027&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF400010R&q={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-12-09]
C:\Program Files (x86)\mozilla firefox\plugins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Product Key Finder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Softendo Games World.lnk
C:\Users\Mateusz\AppData\Roaming\Microsoft\Word\kubiak%20spr%20(1)304324832316986679\kubiak%20spr%20(1).docx.lnk
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D317395-FBFA-485F-9C01-71FA3BA19244}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D317395-FBFA-485F-9C01-71FA3BA19244}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F750A06-160F-4AD4-9167-1DFBAAB38483}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F750A06-160F-4AD4-9167-1DFBAAB38483}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF0B6628-821B-4357-B2B5-3EA0C214973C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF0B6628-821B-4357-B2B5-3EA0C214973C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
EagleX64 => Service deleted successfully.
esgiguard => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
V2iMount => Service deleted successfully.
VBoxDrv => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_pl_128 => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b331285-e5b6-11e3-9e85-de6b8c8e8418}" => Key deleted successfully.
HKCR\CLSID\{7b331285-e5b6-11e3-9e85-de6b8c8e8418} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-1224429344-3065566498-1723742715-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docudesk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Product Key Finder => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com => Moved successfully.
C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Softendo Games World.lnk => Moved successfully.
"C:\Users\Mateusz\AppData\Roaming\Microsoft\Word\kubiak%20spr%20(1)304324832316986679\kubiak%20spr%20(1).docx.lnk" => File/Directory not found.
EmptyTemp: => Removed 1.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog 07:38:30 ====