Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-01-2015 Ran by Sebastian at 2015-01-13 17:00:49 Run:1 Running from C:\scan Loaded Profiles: Sebastian & MSSQL$SQLEXPRESS & MSSQLSERVER (Available profiles: Sebastian & MSSQL$SQLEXPRESS & MSSQLSERVER) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {41424876-B55F-41C3-AC12-DAB5F7D5186A} - System32\Tasks\Installer_iwebar => C:\Users\Sebastian\AppData\Local\Installer\Installiwebar_30162\ins_postInst.exe [2015-01-10] () <==== ATTENTION Task: {D0D69888-BD39-4CE4-B4CA-F6D9ED11375B} - System32\Tasks\Installer_sense => C:\Users\Sebastian\AppData\Local\Installer\Installsense_30162\ins_postInst.exe [2015-01-10] () <==== ATTENTION Task: {1890BEF1-3880-49F3-99CF-3731994B03DD} - System32\Tasks\{DF53375D-67CB-4C6E-B73C-278264DCD672} => Firefox.exe http://ui.skype.com/ui/0/6.9.59.106/pl/abandoninstall?page=tsBing CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1420903159&from=smt&uid=HitachiXHTS545050B9A300_110110PBN403M7DYXWKEX CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1420903159&from=smt&uid=HitachiXHTS545050B9A300_110110PBN403M7DYXWKEX" CHR DefaultSearchKeyword: Default -> mystartsearch FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\k446gb9g.default\extensions\fftoolbar2014@etech.com FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKU\S-1-5-21-2966516881-2113031637-2349138176-1000 -> {976C8D33-F7B8-11E3-BBF0-080027009C5E} URL = http://searchinfinitas.com/?affilt=4&q={searchTerms}&id={22EB8586-C3D9-49D1-B940-7FBD249B6E56} SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] C:\Program Files (x86)\Mozilla Firefox\plugins C:\ProgramData\TEMP C:\Users\Sebastian\AppData\Local\CrashRpt C:\Users\Sebastian\AppData\Local\Installer Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SPBIUpd" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41424876-B55F-41C3-AC12-DAB5F7D5186A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41424876-B55F-41C3-AC12-DAB5F7D5186A}" => Key deleted successfully. C:\Windows\System32\Tasks\Installer_iwebar => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0D69888-BD39-4CE4-B4CA-F6D9ED11375B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0D69888-BD39-4CE4-B4CA-F6D9ED11375B}" => Key deleted successfully. C:\Windows\System32\Tasks\Installer_sense => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1890BEF1-3880-49F3-99CF-3731994B03DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1890BEF1-3880-49F3-99CF-3731994B03DD}" => Key deleted successfully. C:\Windows\System32\Tasks\{DF53375D-67CB-4C6E-B73C-278264DCD672} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF53375D-67CB-4C6E-B73C-278264DCD672}" => Key deleted successfully. Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. "HKU\S-1-5-21-2966516881-2113031637-2349138176-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{976C8D33-F7B8-11E3-BBF0-080027009C5E}" => Key deleted successfully. HKCR\CLSID\{976C8D33-F7B8-11E3-BBF0-080027009C5E} => Key not found. HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. EagleX64 => Service deleted successfully. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\Users\Sebastian\AppData\Local\CrashRpt => Moved successfully. C:\Users\Sebastian\AppData\Local\Installer => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SPBIUpd" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 756.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:02:25 ====