Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by Marysia at 2014-08-25 09:05:02 Run:1
Running from C:\Users\Marysia\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {7D0087AB-800B-4392-9FC3-B60E519DA990} - \BetterMarkIt_wd No Task File <==== ATTENTION
Task: {8A84455A-F067-4BAF-B60A-F6E92A8262D3} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{9FB8DB73-DBFA-46B9-95DF-E0989AC7A296}.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{9FB8DB73-DBFA-46B9-95DF-E0989AC7A296}.exe
Task: C:\windows\Tasks\BetterMarkIt_wd.job => C:\Program Files (x86)\ver7BetterMarkIt\n3BetterMarkItW.exe <==== ATTENTION
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2512653839-4141194716-1325753454-1001\...\Run: [] => [X]
HKU\S-1-5-21-2512653839-4141194716-1325753454-1001\...\Run: [Gadu-Gadu] => "H:\laptop\c\Program Files\Gadu-Gadu\gg.exe" /tray
HKU\S-1-5-21-2512653839-4141194716-1325753454-1001\...\Run: [AdobeBridge] => [X]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Winamp Toolbar Loader -> {4accc990-3dc7-4456-a734-5cb4b610a7f5} -> C:\Program Files (x86)\Winamp Toolbar\winamppltb.dll No File
Toolbar: HKLM-x32 - Winamp Toolbar - {a0b1221c-a3ff-4f7c-a393-dc63af5301e9} - C:\Program Files (x86)\Winamp Toolbar\winamppltb.dll No File
Toolbar: HKCU - No Name - {A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CustomCLSID: HKU\S-1-5-21-2512653839-4141194716-1325753454-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Marysia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2512653839-4141194716-1325753454-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Marysia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{AB158D8E-E60F-B694-7796-995A3215358A}] - C:\Program Files (x86)\ver7BetterMarkIt\176.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (BetterMarkIt) - C:\Users\Marysia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdlconfflepcimigoplijiocfecfia [2014-08-05]
AlternateDataStreams: C:\ProgramData\TEMP:073341D1
C:\windows\SysWOW64\sqlite3.dll
Folder: C:\windows\system32\GroupPolicy
Folder: C:\windows\SysWOW64\GroupPolicy
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D0087AB-800B-4392-9FC3-B60E519DA990}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D0087AB-800B-4392-9FC3-B60E519DA990}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BetterMarkIt_wd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A84455A-F067-4BAF-B60A-F6E92A8262D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A84455A-F067-4BAF-B60A-F6E92A8262D3}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully.
C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\windows\Tasks\BetterMarkIt_wd.job => Moved successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
esgiguard => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => Key deleted successfully.
HKU\S-1-5-21-2512653839-4141194716-1325753454-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2512653839-4141194716-1325753454-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Gadu-Gadu => value deleted successfully.
HKU\S-1-5-21-2512653839-4141194716-1325753454-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4accc990-3dc7-4456-a734-5cb4b610a7f5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4accc990-3dc7-4456-a734-5cb4b610a7f5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{a0b1221c-a3ff-4f7c-a393-dc63af5301e9} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{a0b1221c-a3ff-4f7c-a393-dc63af5301e9}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A0B1221C-A3FF-4F7C-A393-DC63AF5301E9} => value deleted successfully.
"HKCR\CLSID\{A0B1221C-A3FF-4F7C-A393-DC63AF5301E9}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKU\S-1-5-21-2512653839-4141194716-1325753454-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2512653839-4141194716-1325753454-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{AB158D8E-E60F-B694-7796-995A3215358A} => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Marysia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdlconfflepcimigoplijiocfecfia => Moved successfully.
C:\ProgramData\TEMP => ":073341D1" ADS removed successfully.
C:\windows\SysWOW64\sqlite3.dll => Moved successfully.

========================= Folder: C:\windows\system32\GroupPolicy ========================

2014-08-05 16:43 - 2014-08-05 16:43 - 0000127 _____ () C:\windows\system32\GroupPolicy\GPT.INI
2014-08-05 16:43 - 2014-08-14 14:07 - 0000000 ____D () C:\windows\system32\GroupPolicy\Machine
2014-08-05 16:43 - 2014-08-05 16:43 - 0000000 ____D () C:\windows\system32\GroupPolicy\User

====== End of Folder: ======

========================= Folder: C:\windows\SysWOW64\GroupPolicy ========================

2014-08-05 16:43 - 2014-08-05 16:43 - 0000011 _____ () C:\windows\SysWOW64\GroupPolicy\gpt.ini

====== End of Folder: ======

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 15.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====