Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Bodek at 2014-03-13 14:37:08 Run:1 Running from C:\Users\Bodek\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH&q={searchTerms} SearchScopes: HKCU - {7FEA6D2F-EFFB-4734-9B4B-D208BBD3FE60} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1394699485&from=tt4u&uid=ST9320325AS_5VE5BJYHXXXX5VE5BJYH FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Bodek\AppData\Roaming\Mozilla\Firefox\Profiles\h7ms8dby.default-1392761190972\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 
HKLM-x32\...\Run: [ConvertAd] - C:\Users\Bodek\AppData\Local\ConvertAd\ConvertAd.exe HKLM-x32\...\Run: [AnyProtect Tray] - C:\Program Files (x86)\AnyProtectEx\AnyProtectTray.exe /scanner HKLM-x32\...\Run: [AnyProtect] - C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2539544 2014-03-08] () HKLM-x32\...\Run: [fst_pl_78] - [X] HKU\S-1-5-21-1834414664-2364804296-2445386375-1000\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Bodek\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=ea6fe10a60ea47d385d941affc962dd4-bd0144b07d5d888caf3b4d886b6ffa5abbe33463 /CMPID=1213b HKU\S-1-5-21-1834414664-2364804296-2445386375-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss HKU\S-1-5-21-1834414664-2364804296-2445386375-1000\...\Run: [FixMyRegistry] - C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss Startup: C:\Users\Bodek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk Task: {24FE8BE8-6286-476D-BCF3-305608B2FAFD} - \Program aktualizacji online firmy Adobe. No Task File Task: {709A11DA-149D-4CCA-8D70-E33EC532BCDD} - System32\Tasks\Funmoods => C:\Users\Bodek\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {7D18DDBB-C691-40AE-8664-F09E0381D2C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000UA => C:\Users\Bodek\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.) Task: {87941EAD-7451-4994-99B7-AE181CDA9660} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {A5F6B97D-0DC1-43F2-8C95-31933CD5BDEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000Core => C:\Users\Bodek\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-26] (Google Inc.) 
Task: C:\Windows\Tasks\Funmoods.job => C:\Users\Bodek\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000Core.job => C:\Users\Bodek\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000UA.job => C:\Users\Bodek\AppData\Local\Google\Update\GoogleUpdate.exe R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] U3 tmlwf; U3 tmwfp; C:\Program Files\Enigma Software Group C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml C:\Program Files (x86)\predm C:\Program Files (x86)\SupTab C:\ProgramData\IePluginService C:\ProgramData\RegClean C:\ProgramData\WPM C:\Users\Bodek\AppData\Local\freeSOFTtoday C:\Users\Bodek\AppData\Local\Google C:\Users\Bodek\AppData\Roaming\awesomehp C:\Users\Bodek\AppData\Roaming\SupTab C:\Users\Bodek\AppData\Roaming\systweak C:\Users\Bodek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software C:\Users\Bodek\Documents\wzptom2a.doc.lnk C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP C:\Windows\system32\roboot64.exe Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f CMD: rd /s /q C:\found.001 CMD: rd /s /q "C:\Users\Bodek\Desktop\Stare dane programu Firefox" Reboot: ***************** C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument was removed successfully. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7FEA6D2F-EFFB-4734-9B4B-D208BBD3FE60} => Key deleted successfully. HKCR\CLSID\{7FEA6D2F-EFFB-4734-9B4B-D208BBD3FE60} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully. 
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully. HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quick_start@gmail.com => Value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConvertAd => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Tray => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_pl_78 => Value deleted successfully. HKU\S-1-5-21-1834414664-2364804296-2445386375-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1213b => Value deleted successfully. HKU\S-1-5-21-1834414664-2364804296-2445386375-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedUpMyComputer => Value deleted successfully. HKU\S-1-5-21-1834414664-2364804296-2445386375-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FixMyRegistry => Value deleted successfully. C:\Users\Bodek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk => Moved successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24FE8BE8-6286-476D-BCF3-305608B2FAFD} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24FE8BE8-6286-476D-BCF3-305608B2FAFD} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe. => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{709A11DA-149D-4CCA-8D70-E33EC532BCDD} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{709A11DA-149D-4CCA-8D70-E33EC532BCDD} => Key deleted successfully. C:\Windows\System32\Tasks\Funmoods => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D18DDBB-C691-40AE-8664-F09E0381D2C9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D18DDBB-C691-40AE-8664-F09E0381D2C9} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000UA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000UA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87941EAD-7451-4994-99B7-AE181CDA9660} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87941EAD-7451-4994-99B7-AE181CDA9660} => Key deleted successfully. C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F6B97D-0DC1-43F2-8C95-31933CD5BDEA} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F6B97D-0DC1-43F2-8C95-31933CD5BDEA} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000Core => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000Core => Key deleted successfully. C:\Windows\Tasks\Funmoods.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000Core.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834414664-2364804296-2445386375-1000UA.job => Moved successfully. esgiguard => Service deleted successfully. MREMP50a64 => Service deleted successfully. MREMPR5 => Service deleted successfully. MRENDIS5 => Service deleted successfully. MRESP50a64 => Service deleted successfully. tmlwf => Service deleted successfully. tmwfp => Service deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml => Moved successfully. C:\Program Files (x86)\predm => Moved successfully. C:\Program Files (x86)\SupTab => Moved successfully. C:\ProgramData\IePluginService => Moved successfully. C:\ProgramData\RegClean => Moved successfully. C:\ProgramData\WPM => Moved successfully. C:\Users\Bodek\AppData\Local\freeSOFTtoday => Moved successfully. C:\Users\Bodek\AppData\Local\Google => Moved successfully. C:\Users\Bodek\AppData\Roaming\awesomehp => Moved successfully. C:\Users\Bodek\AppData\Roaming\SupTab => Moved successfully. 
C:\Users\Bodek\AppData\Roaming\systweak => Moved successfully. C:\Users\Bodek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software => Moved successfully. C:\Users\Bodek\Documents\wzptom2a.doc.lnk => Moved successfully. C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully. C:\Windows\system32\roboot64.exe => Moved successfully. ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= rd /s /q C:\found.001 ========= ========= End of CMD: ========= ========= rd /s /q "C:\Users\Bodek\Desktop\Stare dane programu Firefox" ========= ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====