Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2014 Ran by PC at 2014-05-15 18:28:51 Run:1 Running from C:\Users\PC\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** (SecureAssist) C:\Program Files\suprasavings\SecureAssist.exe R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist) S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X] S3 cleanhlp; D:\Program Files\Nowy folder\Run\cleanhlp64.sys [57024 2014-04-15] (Emsisoft GmbH) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-910083959-2990359175-3200047685-1000\...\Run: [Facebook Update] => "C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver Task: {20D7FACC-0D22-4D69-985D-923E86569BBB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000UA => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {4499D05F-1C3C-4562-A06B-81B8DA233D5E} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-13] (Freeven) <==== ATTENTION Task: {554AEA72-8891-4FAC-8A17-3065E9777BF7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-13] (Freeven) <==== ATTENTION Task: {59E4BCD2-D476-4197-AF56-5B74C2E717C7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000Core => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {E34A4B3C-4CB5-410A-B6A3-74756A1D59AC} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => 
C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-13] (Freeven) <==== ATTENTION Task: {E7CE2B4A-FFE3-4F79-B61C-35A98977C32F} - \SpyHunter4Startup No Task File <==== ATTENTION Task: {E8030110-E86E-455B-87A4-7C573FC1141D} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-13] (Freeven) <==== ATTENTION Task: {F6FD5DB0-8A03-4A91-98E3-42E491F9AAF6} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-13] (Freeven) <==== ATTENTION Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe <==== ATTENTION Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe <==== ATTENTION Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe <==== ATTENTION Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe <==== ATTENTION Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000Core.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000UA.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ProxyServer: 127.0.0.1:8080 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File C:\32788R22FWJFW C:\Program Files\Enigma Software Group C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP C:\Windows\system32\Drivers\EsgScanner.sys C:\Windows\SysWow64\SecureAssist.ini C:\Windows\SysWow64\SecureAssistOff.ini C:\Windows\SysWow64\unrar.dll Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: rd /s /q "C:\Users\PC\Desktop\Stare dane programu Firefox" CMD: 
netsh winsock reset Reboot: ***************** [3372] C:\Program Files\suprasavings\SecureAssist.exe => Process closed successfully. SecureAssist => Service stopped successfully. SecureAssist => Service deleted successfully. SpyHunter 4 Service => Service deleted successfully. cleanhlp => Service deleted successfully. EsgScanner => Service deleted successfully. esgiguard => Service deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKU\S-1-5-21-910083959-2990359175-3200047685-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20D7FACC-0D22-4D69-985D-923E86569BBB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20D7FACC-0D22-4D69-985D-923E86569BBB} => Key deleted successfully. C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000UA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000UA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4499D05F-1C3C-4562-A06B-81B8DA233D5E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4499D05F-1C3C-4562-A06B-81B8DA233D5E} => Key deleted successfully. C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{554AEA72-8891-4FAC-8A17-3065E9777BF7} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{554AEA72-8891-4FAC-8A17-3065E9777BF7} => Key deleted successfully. C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59E4BCD2-D476-4197-AF56-5B74C2E717C7} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59E4BCD2-D476-4197-AF56-5B74C2E717C7} => Key deleted successfully. C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000Core => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000Core => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E34A4B3C-4CB5-410A-B6A3-74756A1D59AC} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34A4B3C-4CB5-410A-B6A3-74756A1D59AC} => Key deleted successfully. C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7CE2B4A-FFE3-4F79-B61C-35A98977C32F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7CE2B4A-FFE3-4F79-B61C-35A98977C32F} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8030110-E86E-455B-87A4-7C573FC1141D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8030110-E86E-455B-87A4-7C573FC1141D} => Key deleted successfully. C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6FD5DB0-8A03-4A91-98E3-42E491F9AAF6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6FD5DB0-8A03-4A91-98E3-42E491F9AAF6} => Key deleted successfully. C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => Key deleted successfully. C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => Moved successfully. C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => Moved successfully. C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => Moved successfully. C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => Moved successfully. C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => Moved successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000Core.job => Moved successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-910083959-2990359175-3200047685-1000UA.job => Moved successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => Key deleted successfully. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => Key deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55} => Key deleted successfully. HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => Key deleted successfully. C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found. C:\32788R22FWJFW => Moved successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk => Moved successfully. C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully. C:\Windows\system32\Drivers\EsgScanner.sys => Moved successfully. C:\Windows\SysWow64\SecureAssist.ini => Moved successfully. C:\Windows\SysWow64\SecureAssistOff.ini => Moved successfully. C:\Windows\SysWow64\unrar.dll => Moved successfully. 
========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= rd /s /q "C:\Users\PC\Desktop\Stare dane programu Firefox" ========= ========= End of CMD: ========= ========= netsh winsock reset ========= Pomyślnie zresetowano Winsock Catalog. Musisz ponownie uruchomić komputer, aby ukończyć resetowanie. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====