Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Piotr at 2015-04-22 12:07:17 Run:1
Running from C:\Users\Piotr\Desktop
Loaded Profiles: Piotr & MSSQL$SQLEXPRESS (Available profiles: Piotr & Administrator & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
DisableService: esgiguard
DisableService: EsgScanner
DisableService: SpyHunter 4 Service
Task: {59E9AA31-A9CA-4225-9158-17572A448C92} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-01-19] (Enigma Software Group USA, LLC.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-394100221-3083635422-585930115-1001\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-394100221-3083635422-585930115-1001\Software\Classes\exefile: <===== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-394100221-3083635422-585930115-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
C:\Program Files (x86)\DiscountEexttensi
C:\Program Files (x86)\SocialReviver
C:\Program Files (x86)\unnisaless
C:\Program Files (x86)\Opera
C:\ProgramData\{6aa8b13e-f10a-3559-6aa8-8b13ef10c4fb}
C:\ProgramData\Malwarebytes
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
C:\Users\Piotr\AppData\Local\Opera Software
C:\Users\Piotr\AppData\Roaming\Opera Software
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
esgiguard service key not found.
EsgScanner service key not found.
SpyHunter 4 Service service key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59E9AA31-A9CA-4225-9158-17572A448C92} => Key not found.
C:\Windows\System32\Tasks\SpyHunter4Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found.
MBAMSwissArmy => Service deleted successfully.
sbapifs => Service deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKU\S-1-5-21-394100221-3083635422-585930115-1001\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-394100221-3083635422-585930115-1001\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-394100221-3083635422-585930115-1001\Software\Classes\exefile => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-394100221-3083635422-585930115-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
Error setting Default URLSearchHook.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Program Files (x86)\DiscountEexttensi => Moved successfully.
C:\Program Files (x86)\SocialReviver => Moved successfully.
C:\Program Files (x86)\unnisaless => Moved successfully.
C:\Program Files (x86)\Opera => Moved successfully.
C:\ProgramData\{6aa8b13e-f10a-3559-6aa8-8b13ef10c4fb} => Moved successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Moved successfully.
C:\Users\Piotr\AppData\Local\Opera Software => Moved successfully.
C:\Users\Piotr\AppData\Roaming\Opera Software => Moved successfully.

========= reg delete HKCU\Software\Google /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 784.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:07:58 ====