Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015
Ran by Marta (2015-12-12 14:17:19) Run:1
Running from C:\Users\Marta\Downloads
Loaded Profiles: Marta (Available Profiles: Marta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [271464 2015-11-10] ()
R2 IhPul; C:\Users\Marta\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: )
R2 WdMan; C:\ProgramData\BWdMB\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-11] ()
ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
ShortcutWithArgument: C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8 <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1447876706&z=6ad571d02e26a7c48202486gez5z0mdb3m0q0m9e2q&from=cornl&uid=st9500325as_6vem9zc8xxxx6vem9zc8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&ts=1447876706&z=6ad571d02e26a7c48202486gez5z0mdb3m0q0m9e2q&from=cornl&uid=st9500325as_6vem9zc8xxxx6vem9zc8&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1447876706&z=6ad571d02e26a7c48202486gez5z0mdb3m0q0m9e2q&from=cornl&uid=st9500325as_6vem9zc8xxxx6vem9zc8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&ts=1447876706&z=6ad571d02e26a7c48202486gez5z0mdb3m0q0m9e2q&from=cornl&uid=st9500325as_6vem9zc8xxxx6vem9zc8&q={searchTerms}
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8&q={searchTerms}
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8&q={searchTerms}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3482904197-1623156157-3889320653-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3482904197-1623156157-3889320653-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1447100000&z=2e7c43b976f30587ca34c17g6zdz1m3ebtet3m7g7w&from=cor&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449728859&z=74301dfbfaa301664d9695dg2z7z7t6mdobbcbew1b&from=ient07021&uid=ST9500325AS_6VEM9ZC8XXXX6VEM9ZC8
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\cn4nbfst.default\extensions\defsearchp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\cn4nbfst.default\extensions\deskCutv2@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\cn4nbfst.default\extensions\yahooprotected@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\cn4nbfst.default\extensions\default_newtabff@gmail.com
Task: {C417ADC0-BA55-4208-98CD-EF001590B2CA} - System32\Tasks\{4E0F8A68-B219-4EEA-B730-BB9BE4D2B318} => pcalua.exe -a C:\Users\Marta\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKLM\SOFTWARE\Mozilla\Thunderbird
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Program Files\Enigma Software Group
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\ProgramData\BWdMB
RemoveDirectory: C:\ProgramData\OWMiniProO
RemoveDirectory: C:\ProgramData\Tmp0x0x
RemoveDirectory: C:\Users\Marta\AppData\Roaming\Enigma Software Group
RemoveDirectory: C:\Users\Marta\AppData\Roaming\istartpageing
RemoveDirectory: C:\Users\Marta\AppData\Roaming\TSv
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Marta\Desktop\Marta\Słownik niemiecki\Deutsch Translator XT.lnk
C:\Users\Marta\Desktop\Marta\Słownik niemiecki\Handy Dictionary.lnk
C:\Users\Marta\Desktop\II semestr\ZINTEGROWANE\kuznia\Sprawozdania z rozmów.lnk
C:\Users\Marta\AppData\Roaming\Microsoft\Excel\EAW_6.12304868231595405975\EAW_6.12.xlsx.lnk
C:\Windows\system32\Drivers\EsgScanner.sys
CMD: type C:\Windows\System32\Tasks\{E76C58BA-3AFB-4FF5-A627-2AB20729F993}
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
ihpmServer => service removed successfully
IhPul => service removed successfully
SSFK => Service stopped successfully.
SSFK => service removed successfully
WdMan => service removed successfully
EsgScanner => service removed successfully
C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3482904197-1623156157-3889320653-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C417ADC0-BA55-4208-98CD-EF001590B2CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C417ADC0-BA55-4208-98CD-EF001590B2CA}" => key removed successfully
C:\Windows\System32\Tasks\{4E0F8A68-B219-4EEA-B730-BB9BE4D2B318} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E0F8A68-B219-4EEA-B730-BB9BE4D2B318}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => key removed successfully
HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => key removed successfully
HKCU\Software\dobreprogramy => key removed successfully
HKLM\SOFTWARE\Mozilla\Thunderbird => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Mozilla\Thunderbird => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird => key removed successfully
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\yoursites123Software => key removed successfully
"C:\Program Files\Enigma Software Group" => removed successfully.
"C:\Program Files (x86)\SFK" => removed successfully.
"C:\ProgramData\BWdMB" => removed successfully.
"C:\ProgramData\OWMiniProO" => removed successfully.
"C:\ProgramData\Tmp0x0x" => removed successfully.
"C:\Users\Marta\AppData\Roaming\Enigma Software Group" => removed successfully.
"C:\Users\Marta\AppData\Roaming\istartpageing" => removed successfully.
"C:\Users\Marta\AppData\Roaming\TSv" => removed successfully.
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
C:\Users\Marta\Desktop\Marta\Słownik niemiecki\Deutsch Translator XT.lnk => moved successfully
C:\Users\Marta\Desktop\Marta\Słownik niemiecki\Handy Dictionary.lnk => moved successfully
C:\Users\Marta\Desktop\II semestr\ZINTEGROWANE\kuznia\Sprawozdania z rozmów.lnk => moved successfully
"C:\Users\Marta\AppData\Roaming\Microsoft\Excel\EAW_6.12304868231595405975\EAW_6.12.xlsx.lnk" => not found.
C:\Windows\system32\Drivers\EsgScanner.sys => moved successfully

========= type C:\Windows\System32\Tasks\{E76C58BA-3AFB-4FF5-A627-2AB20729F993} =========

true IgnoreNew false true true false false PT10M PT1H true false true true false false false PT72H 7 C:\Users\Marta\Downloads\Pelna wersja ProModel\Pelna wersja ProModel\INSTALL.EXE Marta-PC\Marta InteractiveToken LeastPrivilege

========= End of CMD: =========

EmptyTemp: => 9.5 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:19:06 ====