Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Lenovo at 2015-07-25 16:31:23 Run:1
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo & Gość)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-4188537701-513941089-1413458238-1001\...\Run: [wdroxeywqs] => explorer "http://rhereso.ru/?u...33f26a013b7073"<===== ATTENTION
HKU\S-1-5-21-4188537701-513941089-1413458238-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [wdroxeywqs] => explorer "http://rhereso.ru/?u...33f26a013b7073"<===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: Sale Clipper - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\7gk4lzu5.default\Extensions\{4f0e5fbd-22db-4514-b224-98fb1a61b808}.xpi [2015-07-24]
CHR Extension: (Sale Clipper) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcnnaeninjibhdcknedboclpfkhgjej [2015-07-19]
CHR Extension: (Sale Clipper) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlhikpaegeblidjhkeefjdjegganhpg [2015-07-24]
OPR StartupUrls: "hxxp://www.istartsurf.com/?type=hp&ts=1437739863&z=8646412ea6f949ce642b104gczccdm2mccdt1bdo9o&from=corna&uid=ST1000LM024XHN-M101MBB_S2SMJ9BD510074"
OPR Extension: (Sale Clipper) - C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\odlhikpaegeblidjhkeefjdjegganhpg [2015-07-24]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-19] (Enigma Software Group USA, LLC.)
Task: {9CDB4EF7-2FE7-4078-AA98-22F3C4E15D8E} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-19] (Enigma Software Group USA, LLC.)
C:\Program Files\Enigma Software Group
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
S4 aswSP; No ImagePath
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-19] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
S3 AIDA64Driver; \??\F:\AIDA64Portable\App\AIDA64Extreme\kerneld.x64 [X]
C:\Users\Lenovo\Downloads\SpyHunter-Installer.exe
C:\Users\Lenovo\Downloads\sh-remover (1).exe
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Users\Lenovo\Desktop\SpyHunter.lnk
C:\Users\Lenovo\AppData\Roaming\Enigma Software Group
C:\sh4ldr
EmptyTemp:
*****************

HKU\S-1-5-21-4188537701-513941089-1413458238-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wdroxeywqs => value removed successfully
HKU\S-1-5-21-4188537701-513941089-1413458238-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\wdroxeywqs => value not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\7gk4lzu5.default\Extensions\{4f0e5fbd-22db-4514-b224-98fb1a61b808}.xpi => moved successfully.
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcnnaeninjibhdcknedboclpfkhgjej => moved successfully.
C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odlhikpaegeblidjhkeefjdjegganhpg => moved successfully.
Opera StartupUrls removed successfully
C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\odlhikpaegeblidjhkeefjdjegganhpg => moved successfully.
SpyHunter 4 Service => Unable to stop service.
SpyHunter 4 Service => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CDB4EF7-2FE7-4078-AA98-22F3C4E15D8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CDB4EF7-2FE7-4078-AA98-22F3C4E15D8E}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
C:\Program Files\Enigma Software Group => moved successfully.

========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

aswSP => service removed successfully
esgiguard => Unable to stop service.
esgiguard => service removed successfully
EsgScanner => service not found.
"C:\Windows\System32\DRIVERS\EsgScanner.sys" => File/Folder not found.
AIDA64Driver => service removed successfully
C:\Users\Lenovo\Downloads\SpyHunter-Installer.exe => moved successfully.
C:\Users\Lenovo\Downloads\sh-remover (1).exe => moved successfully.
"C:\Windows\System32\Tasks\SpyHunter4Startup" => File/Folder not found.
C:\Users\Lenovo\Desktop\SpyHunter.lnk => moved successfully.
C:\Users\Lenovo\AppData\Roaming\Enigma Software Group => moved successfully.
C:\sh4ldr => moved successfully.
EmptyTemp: => 4.3 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 16:32:31 ====