Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Andrew at 2015-04-06 00:32:00 Run:1
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available profiles: UpdatusUser & Andrew)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC.lnk -> C:\Program Files (x86)\Elex-tech\YAC\iStart.exe
C:\Program Files (x86)\Elex-tech
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
Shortcut: C:\Users\Andrew\Desktop\SpyHunter.lnk -> C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files (x86)\Enigma Software Group
Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk -> C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
ShortcutWithArgument: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /X {4FC9DA9D-F608-454E-8191-D7EFFDCC5726}
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" /f
Shortcut: C:\Users\Public\Desktop\YAC.lnk -> C:\Program Files (x86)\Elex-tech\YAC\iStart.exe (Elex do Brasil Participaçoes Ltda)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\uninstall.lnk -> C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe (Elex do Brasil Participaçoes Ltda) -> -uninst
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC Desktop.lnk -> C:\Program Files (x86)\Elex-tech\YAC\iDesk.exe () -> -lnk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC Wifi.lnk -> C:\Program Files (x86)\Elex-tech\YAC\YacWifi.exe (Elex do Brasil Participaçoes Ltda) -> /startmenu
Task: {402ECAC4-453D-42F2-8C79-CA32FFEEB95A} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-05] (Enigma Software Group USA, LLC.)
Task: {635A788E-667E-42D2-9D69-3A66F62EC223} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {8855519E-1F9A-4E4C-909A-906FFCDF41D5} - \NAPSTAT No Task File <==== ATTENTION
Task: {96A75282-A1A9-4385-A637-943097F9CB99} - System32\Tasks\{F78427F7-D0C9-4161-9312-7B7E9B82A122} => pcalua.exe -a C:\Users\Andrew\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=obw
Task: {E4432BE5-2117-4949-AB43-A67596F33A8B} - \FoxTab No Task File <==== ATTENTION
C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100\nsk62DD.tmp
C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100\jnsmD2AD.tmp
C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-03-20] (Elex do Brasil Participaçoes Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-03-20] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-03-20] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-03-20] (Elex do Brasil Participaçoes Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-03-20] (Elex do Brasil Participaçoes Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-02-15] (Elex do Brasil Participaçoes Ltda)
S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
C:\Users\Andrew\AppData\Roaming\Elex-tech
C:\Program Files (x86)\Elex-tech
C:\Users\Andrew\AppData\Roaming\eCyber
C:\Users\Andrew\Downloads\yet_another_cleaner_sk_3047707.exe
C:\WINDOWS\System32\Tasks\SpyHunter4Startup
C:\spyhunter.fix
C:\Users\Andrew\AppData\Local\nsqB51.tmp
C:\Users\Andrew\AppData\Roaming\AnyProtectEx
C:\sh4ldr
C:\Users\Andrew\AppData\Local\foxtab_speeddial.crx
C:\Users\Andrew\AppData\Local\nsf11A3.tmp
C:\Users\Andrew\AppData\Local\nsq73D0.tmp
C:\Users\Andrew\AppData\Local\nsqB51.tmp
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
R3 riwijelo; C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100\nsk62DD.tmp
S3 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
R3 xyhigysy; C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100\jnsmD2AD.tmp
FF Extension: FF Toolbar - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\Extensions\fftoolbar2014@etech.com [2015-04-05]
FF Extension: Fast Start - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\Extensions\istart_ffnt@gmail.com [2015-04-05]
FF Extension: Search Enginer - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\Extensions\searchengine@gmail.com [2015-04-05]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\extensions\istart_ffnt@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\extensions\fftoolbar2014@etech.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{11aac89e-b2d9-4b81-bbed-d6f784098f3a} <======= ATTENTION (Policy Restriction on IP)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKU\S-1-5-21-1735395495-2726210869-181527219-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe
EmptyTemp:
*****************

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC.lnk -> C:\Program Files (x86)\Elex-tech\YAC\iStart.exe => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Elex-tech" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC" => File/Directory not found.
Shortcut: C:\Users\Andrew\Desktop\SpyHunter.lnk -> C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
Shortcut: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk -> C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe => Error: No automatic fix found for this entry.
"C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => File/Directory not found.
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk => File not found.

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

Shortcut: C:\Users\Public\Desktop\YAC.lnk -> C:\Program Files (x86)\Elex-tech\YAC\iStart.exe (Elex do Brasil Participaçoes Ltda) => Error: No automatic fix found for this entry.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\uninstall.lnk => File not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC Desktop.lnk => File not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC\YAC Wifi.lnk => File not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{402ECAC4-453D-42F2-8C79-CA32FFEEB95A} => Key not found.
C:\Windows\System32\Tasks\SpyHunter4Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{635A788E-667E-42D2-9D69-3A66F62EC223}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{635A788E-667E-42D2-9D69-3A66F62EC223}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8855519E-1F9A-4E4C-909A-906FFCDF41D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8855519E-1F9A-4E4C-909A-906FFCDF41D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NAPSTAT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96A75282-A1A9-4385-A637-943097F9CB99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96A75282-A1A9-4385-A637-943097F9CB99}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F78427F7-D0C9-4161-9312-7B7E9B82A122} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F78427F7-D0C9-4161-9312-7B7E9B82A122}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4432BE5-2117-4949-AB43-A67596F33A8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4432BE5-2117-4949-AB43-A67596F33A8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => Key deleted successfully.
"C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100\nsk62DD.tmp" => File/Directory not found.
C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100\jnsmD2AD.tmp => Moved successfully.
C:\Users\Andrew\AppData\Roaming\D0D66880-1428240119-11E2-B2A5-317CD4B82100 => Moved successfully.
iSafeKrnl => Service not found.
iSafeKrnlBoot => Service not found.
iSafeKrnlKit => Service not found.
iSafeKrnlMon => Service deleted successfully.
iSafeKrnlR3 => Service not found.
iSafeNetFilter => Service not found.
innfd_1_10_0_13 => Service deleted successfully.

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys => Moved successfully.
"C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys" => File/Directory not found.
"C:\Users\Andrew\AppData\Roaming\Elex-tech" => File/Directory not found.
"C:\Program Files (x86)\Elex-tech" => File/Directory not found.
"C:\Users\Andrew\AppData\Roaming\eCyber" => File/Directory not found.
"C:\Users\Andrew\Downloads\yet_another_cleaner_sk_3047707.exe" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\SpyHunter4Startup" => File/Directory not found.
C:\spyhunter.fix => Moved successfully.
C:\Users\Andrew\AppData\Local\nsqB51.tmp => Moved successfully.
C:\Users\Andrew\AppData\Roaming\AnyProtectEx => Moved successfully.
C:\sh4ldr => Moved successfully.
C:\Users\Andrew\AppData\Local\foxtab_speeddial.crx => Moved successfully.
C:\Users\Andrew\AppData\Local\nsf11A3.tmp => Moved successfully.
C:\Users\Andrew\AppData\Local\nsq73D0.tmp => Moved successfully.
"C:\Users\Andrew\AppData\Local\nsqB51.tmp" => File/Directory not found.
iSafeService => Service not found.
riwijelo => Service not found.
SpyHunter 4 Service => Service not found.
xyhigysy => Unable to stop service
xyhigysy => Service deleted successfully.
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\Extensions\fftoolbar2014@etech.com => Moved successfully.
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\Extensions\istart_ffnt@gmail.com => Moved successfully.
C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\558swsb8.default\Extensions\searchengine@gmail.com => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\searchengine@gmail.com => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\istart_ffnt@gmail.com => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKU\S-1-5-21-1735395495-2726210869-181527219-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
"C:\Users\Andrew\AppData\Local\Akamai\netsession_win.exe" => File/Directory not found.
EmptyTemp: => Removed 576.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:32:26 ====