Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by user at 2013-10-22 12:18:51 Run:1 Running from C:\Users\user\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] - [x] SearchScopes: HKCU - {08B54684-E8CD-4A39-9641-C2E625197320} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511 SearchScopes: HKCU - {CF1F629E-42A3-4124-87B5-01CDB2CCA87C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513 SearchScopes: HKCU - {E0E1065B-2F8A-4DA3-B9F1-AC88A6925D20} URL = http://search.us.com/serp?guid={677F58C1-B208-4943-A041-866F3C5C2828}&action=default_search&serpv=5&k={searchTerms} BHO-x32: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - C:\Program Files (x86)\LinkSwift\LinkSwiftbho.dll (LinkSwift) R2 Update LinkSwift; C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [65312 2013-10-17] (LinkSwift) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] 2013-10-18 15:07 - 2013-10-18 15:07 - 00000000 ____D C:\Program Files (x86)\LinkSwift 2013-10-18 16:41 - 2013-10-18 18:49 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP 2013-10-18 16:41 - 2013-10-18 16:41 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-10-11 13:57 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-10-11 13:56 - 2013-10-19 12:23 - 00000000 ____D C:\ProgramData\AVAST Software 2013-10-11 13:56 - 2013-10-11 13:56 - 00000000 ____D C:\Program Files\AVAST Software 2013-10-11 14:13 - 2013-10-11 14:13 - 00000033 _____ C:\ProgramData\Ef3P7aoZ.dat Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08B54684-E8CD-4A39-9641-C2E625197320} => Key deleted successfully. HKCR\CLSID\{08B54684-E8CD-4A39-9641-C2E625197320} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF1F629E-42A3-4124-87B5-01CDB2CCA87C} => Key deleted successfully. HKCR\CLSID\{CF1F629E-42A3-4124-87B5-01CDB2CCA87C} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E0E1065B-2F8A-4DA3-B9F1-AC88A6925D20} => Key deleted successfully. HKCR\CLSID\{E0E1065B-2F8A-4DA3-B9F1-AC88A6925D20} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323420b6-65e5-4657-8106-a27392d4d4aa} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{323420b6-65e5-4657-8106-a27392d4d4aa} => Key deleted successfully. Update LinkSwift => Service deleted successfully. esgiguard => Service deleted successfully. C:\Program Files (x86)\LinkSwift => Moved successfully. C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP => Moved successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Windows\system32\aswBoot.exe => Moved successfully. C:\ProgramData\AVAST Software => Moved successfully. C:\Program Files\AVAST Software => Moved successfully. C:\ProgramData\Ef3P7aoZ.dat => Moved successfully. ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= The system needs a manual reboot. ==== End of Fixlog ====