Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by Bartek at 2014-09-24 21:01:14 Run:1
Running from C:\Users\Bartek\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
Reg: reg query "HKLM\SYSTEM\CurrentControlSet\Services\.EsetTrialReset" /s
S4 .EsetTrialReset; C:\Windows\system32\regedt32.exe [10240 2009-07-14] (Microsoft Corporation)
U2 McxSvc; C:\Windows\SysWOW64\wbem\msds.exe [3846241 2013-11-23] () [File not signed]
S2 MBAMService; "F:\Malwarebytes' Anti-Malware\mbamservice.exe" [X]
S2 StarWindServiceAE; f:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dump_wmimmc; \??\E:\GRY\MU online global\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
U4 WMCoreService; No ImagePath
URLSearchHook: HKCU - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://websearch.search-guide.info/?l=1&q={searchTerms}&pid=233&r=2013/11/12&hid=1136661776475716838&lg=EN&cc=PL&unqvl=40
BHO-x32: Blog This in Windows Live v2 -> {3adefb8e-b923-35e6-86e2-2b7841f5d2a7} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
CustomCLSID: HKU\S-1-5-21-1813054588-749713010-1817662991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1813054588-749713010-1817662991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bartek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {2F17A764-BAF1-4D12-9DAC-F65B1DE800DB} - System32\Tasks\Funmoods => C:\Users\Bartek\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {397CC96C-E6A9-461F-A106-587CAC15BEE6} - System32\Tasks\{7E0CEB6F-0242-45DE-84C4-6F93BF9C3BC0} => Chrome.exe http://www.skype.com/go/downloading?source=installer&ver=6.0.0.126&LastError=-9
Task: {66C9EB6C-4DD2-46E2-BF20-4DB645AC6242} - System32\Tasks\{A14E1A74-5CD1-4F1C-90BA-17E8897D0FF8} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/pl/abandoninstall?page=tsMain
Task: {9E9AFFF6-85DB-4CA3-BA20-C124EC1B9240} - System32\Tasks\{C54C7D28-3724-4A30-8264-D9F539BE6104} => Chrome.exe http://www.skype.com/go/downloading?source=installer&ver=5.10.0.114&LastError=-9
C:\Program Files (x86)\*.tmp
C:\ProgramData\TEMP
C:\Users\Bartek\AppData\Local\mysearchdial-speeddial.crx
C:\Users\Bartek\AppData\Local\CRE
C:\Users\Bartek\AppData\Roaming\eCyber
C:\Users\Bartek\AppData\Roaming\iSafe
C:\Users\Bartek\AppData\Roaming\Mozilla
C:\Users\Bartek\AppData\Roaming\newnext.me
C:\Users\Bartek\AppData\Roaming\op
C:\Users\Bartek\AppData\Roaming\systweak
C:\Users\Bartek\AppData\Roaming\WinLive
C:\Users\AIM
C:\Users\Driver
C:\Users\Panel
C:\Users\Public\*.exe
C:\Windows\pss\*.CommonStartup
C:\Windows\pss\*.Startup
C:\Windows\SysWOW64\sho*.tmp
C:\Windows\SysWOW64\wbem\msds.exe
C:\Windows\SysWow64\Drivers\StarOpen.sys
C:\Windows\system32\drivers\mbam.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\services\sptd
Reg: reg delete HKCU\Software\Google\Chrome\Extensions /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DD87F40-D1BF-755F-D6B4-6022A9FE1099}" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f
Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0DD87F40-D1BF-755F-D6B4-6022A9FE1099}" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Processes closed successfully.

========= reg query "HKLM\SYSTEM\CurrentControlSet\Services\.EsetTrialReset" /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.EsetTrialReset
    Type            REG_DWORD        0x10
    Start           REG_DWORD        0x4
    ErrorControl    REG_DWORD        0x1
    ImagePath       REG_EXPAND_SZ    C:\Windows\system32\regedt32.exe /s C:\Windows\esettrialreset.reg
    DisplayName     REG_SZ           Eset Trial Reset
    ObjectName      REG_SZ           LocalSystem
    Description     REG_SZ           Eset Trial Reset

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.EsetTrialReset\Enum
    0               REG_SZ           Root\LEGACY_EKRN\0000
    Count           REG_DWORD        0x1
    NextInstance    REG_DWORD        0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.EsetTrialReset\Security
    Security        REG_BINARY       43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C00720065006700650064007400330032002E0065007800650020002F007300200043003A005C00570049004E0044004F00570053005C006E006F00640033003200660069007800740065006D0064006F006E006F002E007200650067000000

========= End of Reg: =========

.EsetTrialReset => Service deleted successfully.
McxSvc => Service deleted successfully.
MBAMService => Service deleted successfully.
StarWindServiceAE => Service deleted successfully.
MBAMProtector => Unable to stop service
MBAMProtector => Service deleted successfully.
StarOpen => Service deleted successfully.
cpuz136 => Service deleted successfully.
dump_wmimmc => Service deleted successfully.
EagleX64 => Service deleted successfully.
esgiguard => Service deleted successfully.
LgBttPort => Service deleted successfully.
lgbusenum => Service deleted successfully.
LGVMODEM => Service deleted successfully.
RSUSBSTOR => Service deleted successfully.
sptd => Service deleted successfully.
usbbus => Service deleted successfully.
UsbDiag => Service deleted successfully.
USBModem => Service deleted successfully.
WMCoreService => Service deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
"HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
"HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3adefb8e-b923-35e6-86e2-2b7841f5d2a7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3adefb8e-b923-35e6-86e2-2b7841f5d2a7}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => value deleted successfully.
"HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}" => Key not found.
"HKU\S-1-5-21-1813054588-749713010-1817662991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1813054588-749713010-1817662991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F17A764-BAF1-4D12-9DAC-F65B1DE800DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F17A764-BAF1-4D12-9DAC-F65B1DE800DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Funmoods => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{397CC96C-E6A9-461F-A106-587CAC15BEE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{397CC96C-E6A9-461F-A106-587CAC15BEE6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7E0CEB6F-0242-45DE-84C4-6F93BF9C3BC0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E0CEB6F-0242-45DE-84C4-6F93BF9C3BC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66C9EB6C-4DD2-46E2-BF20-4DB645AC6242}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C9EB6C-4DD2-46E2-BF20-4DB645AC6242}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A14E1A74-5CD1-4F1C-90BA-17E8897D0FF8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A14E1A74-5CD1-4F1C-90BA-17E8897D0FF8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E9AFFF6-85DB-4CA3-BA20-C124EC1B9240}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E9AFFF6-85DB-4CA3-BA20-C124EC1B9240}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C54C7D28-3724-4A30-8264-D9F539BE6104} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C54C7D28-3724-4A30-8264-D9F539BE6104}" => Key deleted successfully.
"C:\Program Files (x86)\*.tmp" directory move:

Could not move "C:\Program Files (x86)\*.tmp" directory. => Scheduled to move on reboot.

C:\ProgramData\TEMP => Moved successfully.
C:\Users\Bartek\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.
C:\Users\Bartek\AppData\Local\CRE => Moved successfully.
C:\Users\Bartek\AppData\Roaming\eCyber => Moved successfully.
C:\Users\Bartek\AppData\Roaming\iSafe => Moved successfully.
C:\Users\Bartek\AppData\Roaming\Mozilla => Moved successfully.
C:\Users\Bartek\AppData\Roaming\newnext.me => Moved successfully.
C:\Users\Bartek\AppData\Roaming\op => Moved successfully.
C:\Users\Bartek\AppData\Roaming\systweak => Moved successfully.
C:\Users\Bartek\AppData\Roaming\WinLive => Moved successfully.
C:\Users\AIM => Moved successfully.
C:\Users\Driver => Moved successfully.
C:\Users\Panel => Moved successfully.
C:\Users\Public\*.exe => Moved successfully.
C:\Windows\pss\*.CommonStartup => Moved successfully.
C:\Windows\pss\*.Startup => Moved successfully.
C:\Windows\SysWOW64\sho*.tmp => Moved successfully.
C:\Windows\SysWOW64\wbem\msds.exe => Moved successfully.
C:\Windows\SysWow64\Drivers\StarOpen.sys => Moved successfully.
C:\Windows\system32\drivers\mbam.sys => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\sptd => Key not found.

========= reg delete HKCU\Software\Google\Chrome\Extensions /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKCU\Software\Mozilla /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKCU\Software\MozillaPlugins /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DD87F40-D1BF-755F-D6B4-6022A9FE1099}" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0DD87F40-D1BF-755F-D6B4-6022A9FE1099}" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f =========

The operation completed successfully.

========= End of Reg: =========


========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

The operation completed successfully.

========= End of Reg: =========


========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

EmptyTemp: => Removed 4.1 GB temporary data.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-24 21:04:27)<=

"C:\Program Files (x86)\*.tmp" => Directory could not move.

==== End of Fixlog ====
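Two things in the reg query output above deserve a closer look than FRST gives them. The .EsetTrialReset service runs a signed Microsoft binary (regedt32.exe) whose only job is to import a .reg script at service start, so the service line looks clean while the actual payload lives in C:\Windows\esettrialreset.reg, which the log never shows. And the Security value under that key is not a security descriptor at all: a self-relative SECURITY_DESCRIPTOR begins with the revision byte 0x01, whereas this blob begins with 0x43 (ASCII "C") and is in fact a NUL-terminated UTF-16LE command line naming a second .reg file. The Python below is an added example, not part of FRST or of the original post: it decodes that blob and runs a small triage over service lines copied from the fixlist, flagging missing files, unsigned binaries, absent ImagePaths and services hosted by a stock Windows script-running tool. The SCRIPT_HOSTS set is the editor's own assumption about which hosts are worth flagging.

```python
"""Triage helper for FRST fixlog service lines and the .EsetTrialReset
'Security' blob. Added example, not FRST code; the sample lines and the hex
blob are copied from the fixlog above. SCRIPT_HOSTS is an editor assumption."""
import re

# Constructed sample: a subset of the service lines from the fixlist above.
SERVICE_LINES = r"""
S4 .EsetTrialReset; C:\Windows\system32\regedt32.exe [10240 2009-07-14] (Microsoft Corporation)
U2 McxSvc; C:\Windows\SysWOW64\wbem\msds.exe [3846241 2013-11-23] () [File not signed]
S2 MBAMService; "F:\Malwarebytes' Anti-Malware\mbamservice.exe" [X]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U4 WMCoreService; No ImagePath
"""

# ImagePath and the REG_BINARY 'Security' value exactly as reg query printed them.
IMAGEPATH = r"C:\Windows\system32\regedt32.exe /s C:\Windows\esettrialreset.reg"
SECURITY_HEX = (
    "43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C00"
    "720065006700650064007400330032002E0065007800650020002F007300200043003A005C005700"
    "49004E0044004F00570053005C006E006F00640033003200660069007800740065006D0064006F00"
    "6E006F002E007200650067000000"
)

# FRST service line: <state><start> <name>; <image path and annotations>
# state: R running, S stopped, U unknown; start: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
EXE_RE = re.compile(r"([A-Za-z0-9_\-]+\.exe)", re.I)
# Editor's assumption: stock Windows tools that execute whatever file or script
# their command line names. FRST shows only the signed host, not that payload.
SCRIPT_HOSTS = {"regedt32.exe", "regedit.exe", "reg.exe", "cmd.exe", "rundll32.exe",
                "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


def parse_service(line):
    """Return a dict for one FRST service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, rest = m.groups()
    rec = {"name": name, "state": state, "start": START_TYPES[int(start)],
           "image": rest, "flags": []}
    if rest == "No ImagePath":
        rec["flags"].append("no ImagePath")
    if rest.endswith("[X]"):
        rec["flags"].append("file missing")
    if "[File not signed]" in rest:
        rec["flags"].append("unsigned")
    exe = EXE_RE.search(rest)
    if exe and exe.group(1).lower() in SCRIPT_HOSTS:
        rec["flags"].append("binary is a script host")
    return rec


def decode_security_blob(hexstr):
    """Interpret a service 'Security' REG_BINARY value.

    A genuine value is a self-relative SECURITY_DESCRIPTOR whose first byte is
    the revision, 0x01. Anything else is tried as a NUL-terminated UTF-16LE
    string; the text is returned only if it is fully printable.
    """
    raw = bytes.fromhex(hexstr)
    if raw[:1] == b"\x01":
        return None
    try:
        text = raw.decode("utf-16-le").rstrip("\x00")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


REG_SCRIPT_RE = re.compile(r"/s\s+(\S+\.reg)", re.I)


def reg_script_of(cmdline):
    """Path of the .reg file that a 'regedt32.exe /s <file>' command line imports."""
    m = REG_SCRIPT_RE.search(cmdline or "")
    return m.group(1) if m else None


def triage():
    """Flagged services, decoded Security text, and the two .reg paths involved."""
    flagged = [r for r in map(parse_service, SERVICE_LINES.splitlines())
               if r and r["flags"]]
    hidden = decode_security_blob(SECURITY_HEX)
    return flagged, hidden, reg_script_of(IMAGEPATH), reg_script_of(hidden)


if __name__ == "__main__":
    flagged, hidden, declared, hidden_script = triage()
    for r in flagged:
        print(f"{r['name']:<18} {r['state']}/{r['start']:<8} {', '.join(r['flags'])}")
    print("Security blob decodes to:", hidden)
    print("ImagePath imports:", declared, "| Security blob names:", hidden_script)
```

Run as-is it prints six flagged services (MBAMProtector, signed and present, is not among them) and shows that the Security blob decodes to a regedt32.exe /s command pointing at C:\WINDOWS\nod32fixtemdono.reg, a different script from the esettrialreset.reg in ImagePath. Neither .reg file appears in the log, so their content is not something this page can tell you; the decoded path is simply one more artifact to collect before the service key is deleted.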