Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-01-2015
Ran by dkoloszc at 2015-01-07 07:51:53 Run:1
Running from C:\Users\dkoloszc\Desktop\FRST
Loaded Profile: dkoloszc (Available profiles: Dominik Koloszczyk & dkoloszc)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\S-1-5-21-2371548481-2500731307-350997382-1000 -> DefaultScope {410CE52B-292E-4130-8FC8-25C25CE3AE78} URL =
SearchScopes: HKU\S-1-5-21-2371548481-2500731307-350997382-1000 -> {410CE52B-292E-4130-8FC8-25C25CE3AE78} URL =
SearchScopes: HKU\S-1-5-21-29074177-2114273088-3454551869-225919 -> {6A95B20D-AC62-429B-80C4-8F7230A453FE} URL =
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files (x86)\BuyuNssaeve
C:\Program Files (x86)\Google
C:\Program Files (x86)\Smart Coupon
C:\Program Files (x86)\YeoutubeAdBlocke
C:\ProgramData\honnbmlkkhbafkhachmeccikobmajggh
C:\Users\dkoloszc\AppData\Local\Google
C:\Users\dkoloszc\AppData\Roaming\eCyber
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A95B20D-AC62-429B-80C4-8F7230A453FE}" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Dell.PowerManager.Service /s
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2371548481-2500731307-350997382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2371548481-2500731307-350997382-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{410CE52B-292E-4130-8FC8-25C25CE3AE78} => Key not found.
HKCR\CLSID\{410CE52B-292E-4130-8FC8-25C25CE3AE78} => Key not found.
"HKU\S-1-5-21-29074177-2114273088-3454551869-225919\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A95B20D-AC62-429B-80C4-8F7230A453FE}" => Key deleted successfully.
HKCR\CLSID\{6A95B20D-AC62-429B-80C4-8F7230A453FE} => Key not found.
MBAMSwissArmy => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
C:\Program Files (x86)\BuyuNssaeve => Moved successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\Program Files (x86)\Smart Coupon => Moved successfully.
C:\Program Files (x86)\YeoutubeAdBlocke => Moved successfully.
C:\ProgramData\honnbmlkkhbafkhachmeccikobmajggh => Moved successfully.
C:\Users\dkoloszc\AppData\Local\Google => Moved successfully.
C:\Users\dkoloszc\AppData\Roaming\eCyber => Moved successfully.

========= reg delete HKCU\Software\Google /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A95B20D-AC62-429B-80C4-8F7230A453FE}" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Dell.PowerManager.Service /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dell.PowerManager.Service
    Type    REG_DWORD    0x10
    Start    REG_DWORD    0x2
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    C:\Windows\system32\dllhost.exe /Processid:{1FC160EA-3CEA-477D-B472-168F39588909}
    DisplayName    REG_SZ    Dell.PowerManager.Service
    DependOnService    REG_MULTI_SZ    rpcss
    ObjectName    REG_SZ    LocalSystem

========= End of Reg: =========

EmptyTemp: => Removed 360.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 07:52:19 ====