Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014 Ran by PC at 2014-12-02 19:17:39 Run:2 Running from C:\Users\PC\Desktop\Nowy folder (2) Loaded Profile: PC (Available profiles: PC & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] HKU\S-1-5-21-1758756441-3301446084-1740205803-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=170 DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} Task: {1C4419F4-FF67-4420-BB7E-790B45E0A3A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.) Task: {FD9F6D65-7057-41A8-8636-7DAD4F88C544} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Google C:\Program Files (x86)\Google C:\Users\Administrator\AppData\Local\Google C:\Users\PC\AppData\Local\Google C:\Users\PC\AppData\Roaming\appdataFr2.bin C:\Users\PC\AppData\Roaming\Opera Software C:\Users\PC\Downloads\ChromeSetup*.exe C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP C:\Windows\SysWOW64\GroupPolicy\GPT.INI Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. esgiguard => Service deleted successfully. HKU\S-1-5-21-1758756441-3301446084-1740205803-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C4419F4-FF67-4420-BB7E-790B45E0A3A9}" => Key not found. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD9F6D65-7057-41A8-8636-7DAD4F88C544}" => Key not found. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key not found. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found. "C:\Program Files\Google" => File/Directory not found. C:\Program Files (x86)\Google => Moved successfully. C:\Users\Administrator\AppData\Local\Google => Moved successfully. C:\Users\PC\AppData\Local\Google => Moved successfully. C:\Users\PC\AppData\Roaming\appdataFr2.bin => Moved successfully. C:\Users\PC\AppData\Roaming\Opera Software => Moved successfully. C:\Users\PC\Downloads\ChromeSetup*.exe => Moved successfully. C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => Moved successfully. "C:\Windows\SysWOW64\GroupPolicy\GPT.INI" => File/Directory not found. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 251.8 MB temporary data. The system needed a reboot. ==== End of Fixlog ====