Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by lupus at 2014-11-02 10:49:47 Run:2
Running from C:\Users\lupus\Downloads
Loaded Profile: lupus (Available profiles: lupus)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [61112 2014-06-27] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-06-30] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [61112 2014-07-12] (StdLib)
U4 EIO64; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 Update NetCrawl; "C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe" [X]
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\...\Run: [Yahoo! Search] => C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe [438632 2014-09-20] (Pay By Ads LTD)
Task: {19A38E22-9C48-4A7D-A54B-98D65DE74CAB} - System32\Tasks\Yahoo! Search => C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe [2014-09-20] (Pay By Ads LTD) <==== ATTENTION
Task: {42AE3AF9-3338-4748-ABB0-73D42891DDD9} - System32\Tasks\CCleanerSkipUAC => D:\cleaner\CCleaner.exe
Task: {4D2B4A56-B7BF-4B68-8FA8-D6B96C213FF7} - \VuuPCUpdate No Task File <==== ATTENTION
Task: {E4008827-2D5F-4707-A292-53D903540FA9} - \VuuPCUpdateLogin No Task File <==== ATTENTION
Task: {ECD0394C-2E45-4565-8CFB-89ADCA862D99} - System32\Tasks\Yahoo! Search Udpater => C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe [2014-09-20] (Pay By Ads LTD) <==== ATTENTION
Task: {F7A259D9-3AA4-4BDC-9D7E-E974FE13E115} - System32\Tasks\{77F7012F-8D72-4E17-A708-C03A5A1B15F8} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.154/pl/abandoninstall?source=lightinstaller&page=tsInstall
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
CustomCLSID: HKU\S-1-5-21-4204224380-3008712290-589102612-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\lupus\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4204224380-3008712290-589102612-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\lupus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4204224380-3008712290-589102612-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\lupus\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Users\lupus\AppData\Local\Pay-By-Ads
C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys
Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search" /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\fst_pl_6_is1 /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC Player GPU+11.041.44" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /s
Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s
Folder: C:\Users\lupus\AppData\Roaming\Opera Software\Opera Stable\Extensions
CMD: type "C:\Users\lupus\AppData\Roaming\Opera Software\Opera Stable\Preferences"
EmptyTemp:
*****************

Processes closed successfully.
{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64 => Unable to stop service
{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64 => Service deleted successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64 => Unable to stop service
{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64 => Service deleted successfully.
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64 => Unable to stop service
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64 => Service deleted successfully.
EIO64 => Service deleted successfully.
esgiguard => Service deleted successfully.
Update NetCrawl => Service deleted successfully.
HKU\S-1-5-21-4204224380-3008712290-589102612-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19A38E22-9C48-4A7D-A54B-98D65DE74CAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19A38E22-9C48-4A7D-A54B-98D65DE74CAB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42AE3AF9-3338-4748-ABB0-73D42891DDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42AE3AF9-3338-4748-ABB0-73D42891DDD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D2B4A56-B7BF-4B68-8FA8-D6B96C213FF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D2B4A56-B7BF-4B68-8FA8-D6B96C213FF7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VuuPCUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4008827-2D5F-4707-A292-53D903540FA9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4008827-2D5F-4707-A292-53D903540FA9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VuuPCUpdateLogin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECD0394C-2E45-4565-8CFB-89ADCA862D99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECD0394C-2E45-4565-8CFB-89ADCA862D99}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search Udpater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Udpater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7A259D9-3AA4-4BDC-9D7E-E974FE13E115}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A259D9-3AA4-4BDC-9D7E-E974FE13E115}" => Key deleted successfully.
C:\Windows\System32\Tasks\{77F7012F-8D72-4E17-A708-C03A5A1B15F8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77F7012F-8D72-4E17-A708-C03A5A1B15F8}" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.110.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.118.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.132.0" => Key deleted successfully.
"HKU\S-1-5-21-4204224380-3008712290-589102612-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-4204224380-3008712290-589102612-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-4204224380-3008712290-589102612-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

"C:\Users\lupus\AppData\Local\Pay-By-Ads" directory move:

C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\app.ini => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\bcbcld28.dll => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\ieds.xml => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\res.dll => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\rvt.js => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\serp.js => Moved successfully.
C:\Users\lupus\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\sqlite.dll => Moved successfully.
Could not move "C:\Users\lupus\AppData\Local\Pay-By-Ads" directory. => Scheduled to move on reboot.

C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys => Moved successfully.
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys => Moved successfully.

========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\fst_pl_6_is1 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC Player GPU+11.041.44" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
    blank REG_SZ res://mshtml.dll/blank.htm
    NoAdd-onsInfo REG_SZ res://ieframe.dll/noaddoninfo.htm
    InPrivate REG_SZ res://ieframe.dll/inprivate_win7.htm
    NavigationFailure REG_SZ res://ieframe.dll/navcancl.htm
    NoAdd-ons REG_SZ res://ieframe.dll/noaddon.htm
    Home REG_DWORD 0x10e
    PostNotCached REG_SZ res://ieframe.dll/repost.htm
    DesktopItemNavigationFailure REG_SZ res://ieframe.dll/navcancl.htm
    NavigationCanceled REG_SZ res://ieframe.dll/navcancl.htm
    SecurityRisk REG_SZ res://ieframe.dll/securityatrisk.htm
========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs" /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs
    blank REG_SZ res://mshtml.dll/blank.htm
    NoAdd-onsInfo REG_SZ res://ieframe.dll/noaddoninfo.htm
    InPrivate REG_SZ res://ieframe.dll/inprivate_win7.htm
    NavigationFailure REG_SZ res://ieframe.dll/navcancl.htm
    NoAdd-ons REG_SZ res://ieframe.dll/noaddon.htm
    Home REG_DWORD 0x10e
    PostNotCached REG_SZ res://ieframe.dll/repost.htm
    DesktopItemNavigationFailure REG_SZ res://ieframe.dll/navcancl.htm
    NavigationCanceled REG_SZ res://ieframe.dll/navcancl.htm
    SecurityRisk REG_SZ res://ieframe.dll/securityatrisk.htm
    Tabs REG_SZ http://www.google.com
    newtab REG_SZ about:tabs
========= End of Reg: =========

========= reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s =========
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command
    (domyślny) REG_SZ "C:\Program Files (x86)\Opera\Launcher.exe"
========= End of Reg: =========

========================= Folder: C:\Users\lupus\AppData\Roaming\Opera Software\Opera Stable\Extensions ========================
Directory Not Found

========= type "C:\Users\lupus\AppData\Roaming\Opera Software\Opera Stable\Preferences" =========
========= End of CMD: =========

EmptyTemp: => Removed 1.3 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-02 11:06:11)<=
C:\Users\lupus\AppData\Local\Pay-By-Ads => Is moved successfully.

==== End of Fixlog ====