Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by Łukasz at 2014-11-20 21:14:35 Run:1
Running from C:\Users\Łukasz\Downloads
Loaded Profile: Łukasz (Available profiles: Łukasz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R1 {7012eec1-4f37-42d4-a2cd-26727494d248}Gw64; C:\Windows\System32\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys [48792 2014-10-17] (StdLib)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {7A43B03D-BDC1-4636-B59C-B2055CB83084} - \AutoKMS No Task File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3451067720-2788103086-828839546-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141011
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141011
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=181&d=20141011
SearchScopes: HKU\S-1-5-21-3451067720-2788103086-828839546-1002 -> DefaultScope {FB36B692-51DD-4A1F-AD43-783AF1E6F206} URL =
SearchScopes: HKU\S-1-5-21-3451067720-2788103086-828839546-1002 -> {045D75F0-107B-4FCB-AD94-7460795E53D9} URL =
SearchScopes: HKU\S-1-5-21-3451067720-2788103086-828839546-1002 -> {FB36B692-51DD-4A1F-AD43-783AF1E6F206} URL =
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\mozilla firefox\plugins
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\Windows\System32\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB36B692-51DD-4A1F-AD43-783AF1E6F206}" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{045D75F0-107B-4FCB-AD94-7460795E53D9}" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64 => Unable to stop service
{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64 => Service deleted successfully.
esgiguard => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7A43B03D-BDC1-4636-B59C-B2055CB83084}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A43B03D-BDC1-4636-B59C-B2055CB83084}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3451067720-2788103086-828839546-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3451067720-2788103086-828839546-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3451067720-2788103086-828839546-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{045D75F0-107B-4FCB-AD94-7460795E53D9}" => Key deleted successfully.
"HKCR\CLSID\{045D75F0-107B-4FCB-AD94-7460795E53D9}" => Key not found.
"HKU\S-1-5-21-3451067720-2788103086-828839546-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB36B692-51DD-4A1F-AD43-783AF1E6F206}" => Key deleted successfully.
"HKCR\CLSID\{FB36B692-51DD-4A1F-AD43-783AF1E6F206}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => Moved successfully.
C:\Windows\System32\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB36B692-51DD-4A1F-AD43-783AF1E6F206}" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{045D75F0-107B-4FCB-AD94-7460795E53D9}" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 433.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====