Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2014 Ran by girls at 2014-05-10 13:25:07 Run:1 Running from C:\Users\girls\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION Task: {F6EE21D2-B84A-41CB-8025-2C74CAF9464E} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=TOSHIBA_MK3256GSY_Z92NTAB6T__Z92NTAB6T&ts=1350218869 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=6449002622BF5E6A&affID=119357&tsp=4971 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6449002622BF5E6A&affID=119357&tsp=4971 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {E689A9FB-0A13-4EC3-9E04-FDCB1AE67826} URL = FF SearchPlugin: C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\sxy1wjwt.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\sxy1wjwt.default\searchplugins\delta.xml S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X] S2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 GarenaPEngine; \??\C:\Users\girls\AppData\Local\Temp\VDLC3D0.tmp [X] S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] C:\Users\girls\Downloads\everesthome220(dobreprogramy.pl).exe C:\Users\girls\Downloads\Everest-Home-Edition(11558).exe C:\ProgramData\dhhhkpybvqffylcxivg.bat C:\ProgramData\dhhhkpybvqffylcxivg.reg Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg: Adobe Reader Speed Launcher" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg: Akamai NetSession Interface" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg: SunJavaUpdateSched" /f ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6EE21D2-B84A-41CB-8025-2C74CAF9464E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6EE21D2-B84A-41CB-8025-2C74CAF9464E} => Key deleted successfully. C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully. HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E689A9FB-0A13-4EC3-9E04-FDCB1AE67826} => Key deleted successfully. HKCR\CLSID\{E689A9FB-0A13-4EC3-9E04-FDCB1AE67826} => Key not found. C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\sxy1wjwt.default\searchplugins\babylon.xml => Moved successfully. C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\sxy1wjwt.default\searchplugins\delta.xml => Moved successfully. BrowserDefendert => Service deleted successfully. postgresql-8.4 => Service deleted successfully. esgiguard => Service deleted successfully. GarenaPEngine => Service deleted successfully. GGSAFERDriver => Service deleted successfully. hwdatacard => Service deleted successfully. hwusbdev => Service deleted successfully. C:\Users\girls\Downloads\everesthome220(dobreprogramy.pl).exe => Moved successfully. C:\Users\girls\Downloads\Everest-Home-Edition(11558).exe => Moved successfully. C:\ProgramData\dhhhkpybvqffylcxivg.bat => Moved successfully. C:\ProgramData\dhhhkpybvqffylcxivg.reg => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg: Adobe Reader Speed Launcher" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg: Akamai NetSession Interface" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg: SunJavaUpdateSched" /f ========= BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości. ========= End of Reg: ========= ==== End of Fixlog ====