Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-12-2013 Ran by $ at 2013-12-05 19:16:52 Run:1 Running from C:\Users\$\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyServer: localhost:8080 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S3 DAUpdaterSvc; E:\Dragon Age - Origins\bin_ship\daupdatersvc.service.exe [x] S2 matlabserver; C:\MATLAB701\webserver\bin\win32\matlabserver.exe [x] S3 catchme; \??\C:\Users\$\AppData\Local\Temp\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x] S3 RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [x] U3 kgldrpob; \??\C:\Users\$\AppData\Local\Temp\kgldrpob.sys [x] U3 mbr; \??\C:\Users\$\AppData\Local\Temp\mbr.sys [x] Task: {550BB38C-8F34-4D74-B0E6-3A6A449DC4E0} - System32\Tasks\{EAD35FD5-77D5-4446-81CE-F9A9642A1B66} => Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/pl/go/help.faq.installer?LastError=1601 Task: {B0932B1B-B891-43DA-A02E-C1488E268D16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-361691920-1955263522-1173037568-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {C4E4031B-7EEE-46A6-BC39-5B4E6CF36EDF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-361691920-1955263522-1173037568-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe C:\Program Files\ESET C:\Program Files\Trend Micro Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. DAUpdaterSvc => Service deleted successfully. matlabserver => Service deleted successfully. catchme => Service deleted successfully. esgiguard => Service deleted successfully. GGSAFERDriver => Service deleted successfully. RivaTuner32 => Service deleted successfully. kgldrpob => Service not found. mbr => Service not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{550BB38C-8F34-4D74-B0E6-3A6A449DC4E0} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{550BB38C-8F34-4D74-B0E6-3A6A449DC4E0} => Key deleted successfully. C:\Windows\System32\Tasks\{EAD35FD5-77D5-4446-81CE-F9A9642A1B66} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EAD35FD5-77D5-4446-81CE-F9A9642A1B66} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0932B1B-B891-43DA-A02E-C1488E268D16} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0932B1B-B891-43DA-A02E-C1488E268D16} => Key deleted successfully. C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-361691920-1955263522-1173037568-1000 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-361691920-1955263522-1173037568-1000 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4E4031B-7EEE-46A6-BC39-5B4E6CF36EDF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4E4031B-7EEE-46A6-BC39-5B4E6CF36EDF} => Key deleted successfully. C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-361691920-1955263522-1173037568-1000 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-361691920-1955263522-1173037568-1000 => Key deleted successfully. C:\Program Files\ESET => Moved successfully. C:\Program Files\Trend Micro => Moved successfully. ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====