Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Misa at 2014-04-05 20:12:01 Run:1 Running from C:\Users\Misa\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-2612925166-1525020595-3053403785-1000\...\Run: [Power2GoExpress] - NA StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {9CC28BC8-33A4-40B3-B4A2-C0CE6C695046} URL = http://search.aol.pl/aol/search?s_it=tb50winamp&q={searchTerms}der) BHO-x32: Winamp Toolbar Loader - {4accc990-3dc7-4456-a734-5cb4b610a7f5} - C:\Program Files (x86)\Winamp Toolbar\winamppltb.dll (AOL Inc.) BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File Toolbar: HKLM-x32 - Winamp Toolbar - {a0b1221c-a3ff-4f7c-a393-dc63af5301e9} - C:\Program Files (x86)\Winamp Toolbar\winamppltb.dll (AOL Inc.) Toolbar: HKCU - No Name - {A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} - No File C:\Program Files (x86)\mozilla firefox\plugins S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] C:\Program Files\Enigma Software Group C:\Users\Misa\AppData\Roaming\mozilla\Firefox\Profiles\ow1orbqt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} C:\Users\Misa\AppData\Roaming\mozilla\firefox\profiles\ow1orbqt.default\searchplugins\aol-search.xml C:\Users\Misa\AppData\Roaming\mozilla\firefox\profiles\ow1orbqt.default\searchplugins\winamp-web-search.xml C:\Users\Misa\AppData\Roaming\mozilla\firefox\profiles\ow1orbqt.default\searchplugins\wyszukiwarka-aol.xml C:\Users\Misa\AppData\Roaming\ASUS WebStorage C:\Users\Misa\AppData\Roaming\Systweak C:\Users\Misa\Downloads\SpyHunter-Installer.exe C:\Users\Misa\Downloads\SpyHunter 4.12.13.4202 C:\Users\Misa\Downloads\SpyHunter 4.12.13.4202.rar C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP ***************** HKU\S-1-5-21-2612925166-1525020595-3053403785-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => Value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CC28BC8-33A4-40B3-B4A2-C0CE6C695046} => Key deleted successfully. HKCR\CLSID\{9CC28BC8-33A4-40B3-B4A2-C0CE6C695046} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4accc990-3dc7-4456-a734-5cb4b610a7f5} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{4accc990-3dc7-4456-a734-5cb4b610a7f5} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{a0b1221c-a3ff-4f7c-a393-dc63af5301e9} => Value deleted successfully. HKCR\Wow6432Node\CLSID\{a0b1221c-a3ff-4f7c-a393-dc63af5301e9} => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} => Value deleted successfully. HKCR\CLSID\{A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} => Key not found. C:\Program Files (x86)\Mozilla Firefox\plugins => Moved successfully. catchme => Service deleted successfully. esgiguard => Service deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\ow1orbqt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Moved successfully. C:\Users\Misa\AppData\Roaming\mozilla\firefox\profiles\ow1orbqt.default\searchplugins\aol-search.xml => Moved successfully. C:\Users\Misa\AppData\Roaming\mozilla\firefox\profiles\ow1orbqt.default\searchplugins\winamp-web-search.xml => Moved successfully. C:\Users\Misa\AppData\Roaming\mozilla\firefox\profiles\ow1orbqt.default\searchplugins\wyszukiwarka-aol.xml => Moved successfully. C:\Users\Misa\AppData\Roaming\ASUS WebStorage => Moved successfully. C:\Users\Misa\AppData\Roaming\Systweak => Moved successfully. C:\Users\Misa\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Users\Misa\Downloads\SpyHunter 4.12.13.4202 => Moved successfully. C:\Users\Misa\Downloads\SpyHunter 4.12.13.4202.rar => Moved successfully. C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully. C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP => Moved successfully. ==== End of Fixlog ====