Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2014 03 Ran by Aleksandra at 2014-04-27 18:17:47 Run:1 Running from D:\Downloads\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\systemk\sysapcrt.dll Task: {38C41DA1-63B8-4A4F-8AD4-ADD8C96F1518} - \QtraxPlayer No Task File <==== ATTENTION Task: {F5A23878-59EA-49AE-BFA3-74A01E3D823C} - \EPUpdater No Task File <==== ATTENTION S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] HKU\S-1-5-21-628482503-715703045-1814460480-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-628482503-715703045-1814460480-1000\...\Policies\Explorer: [] HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=476&aid=132&itype=n&ver=12349&tm=329&src=hmp StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=n&ver=12349&tm=329&src=ds&p={searchTerms} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ C:\Program Files\Enigma Software Group C:\Program Files (x86)\Anvisoft C:\Program Files (x86)\Settings Manager C:\Program Files (x86)\mozilla firefox\plugins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft C:\Users\Aleksandra\Favorites\GG dysk.lnk C:\Users\Aleksandra\AppData\Local\Anvisoft C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete HKCU\Software\Mozilla\SeaMonkey /f ***************** HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38C41DA1-63B8-4A4F-8AD4-ADD8C96F1518} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C41DA1-63B8-4A4F-8AD4-ADD8C96F1518} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QtraxPlayer => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5A23878-59EA-49AE-BFA3-74A01E3D823C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A23878-59EA-49AE-BFA3-74A01E3D823C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully. esgiguard => Service deleted successfully. HKU\S-1-5-21-628482503-715703045-1814460480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully. HKU\S-1-5-21-628482503-715703045-1814460480-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Program Files (x86)\Anvisoft => Moved successfully. C:\Program Files (x86)\Settings Manager => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\Plugins => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft => Moved successfully. C:\Users\Aleksandra\Favorites\GG dysk.lnk => Moved successfully. C:\Users\Aleksandra\AppData\Local\Anvisoft => Moved successfully. C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully. C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla\SeaMonkey /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====