Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2014 01 Ran by Admin at 2014-01-02 23:30:53 Run:1 Running from C:\Users\Admin\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [ConvertAd] - C:\Users\Admin\AppData\Local\ConvertAd\ConvertAd.exe SearchScopes: HKLM - DefaultScope value is missing. S1 apqoisgf; \??\C:\Windows\system32\drivers\apqoisgf.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S1 eyftycjy; \??\C:\Windows\system32\drivers\eyftycjy.sys [x] S1 fyvekmjn; \??\C:\Windows\system32\drivers\fyvekmjn.sys [x] S1 inhcwuet; \??\C:\Windows\system32\drivers\inhcwuet.sys [x] C:\Program Files\Enigma Software Group C:\Users\Admin\AppData\Roaming\Bonanza Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate" Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore" Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA" Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ConvertAd => Value deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. apqoisgf => Service deleted successfully. esgiguard => Service deleted successfully. eyftycjy => Service deleted successfully. fyvekmjn => Service deleted successfully. inhcwuet => Service deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Users\Admin\AppData\Roaming\Bonanza => Moved successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard Id REG_SZ {04653297-8806-4C39-818D-6C0CE2F6001C} Index REG_DWORD 0x3 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate Id REG_SZ {0016B8F6-F11A-43F6-B6D7-36034336EABF} Index REG_DWORD 0x3 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore Id REG_SZ {7C5D6D76-798E-453D-AAD2-F72C4E2EB46E} Index REG_DWORD 0x2 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA Id REG_SZ {DEF62828-17C1-4A8F-BE5E-19ED4A9A6706} Index REG_DWORD 0x3 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab Id REG_SZ {E51102F8-86FA-409E-90C2-83E214B27893} Index REG_DWORD 0x3 ========= End of Reg: ========= ==== End of Fixlog ====