Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01 Ran by User at 2015-01-14 21:21:16 Run:1 Running from C:\Documents and Settings\User\Pulpit\skan Loaded Profiles: User (Available profiles: User & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R2 d4d75d37; c:\Program Files\CutterInstance\CutterInstance.dll [2149376 2015-01-10] () [File not signed] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKLM\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\DOCUME~1\User\USTAWI~1\Temp\ccex.crx [Not Found] HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" C:\unp304179974165017638.mdmp C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\BrotherSoft_Extreme C:\Documents and Settings\User\Dane aplikacji\appdataFr2.bin C:\Documents and Settings\User\Menu Start\Programy\BitLord C:\Documents and Settings\User\Pulpit\Continue FoxTab FLV Player Installation.lnk C:\Documents and Settings\User\Pulpit\2013-03 (mar)\Internet.lnk C:\Documents and Settings\User\Start Menu C:\Program Files\CutterInstance C:\Program Files\Enigma Software Group C:\Program Files\Mozilla Firefox C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\WINDOWS\pss\TornTvDownloader.lnkStartup Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^TornTvDownloader.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TornTv Downloader" /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. d4d75d37 => Service deleted successfully. esgiguard => Service deleted successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully. C:\unp304179974165017638.mdmp => Moved successfully. C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\BrotherSoft_Extreme => Moved successfully. C:\Documents and Settings\User\Dane aplikacji\appdataFr2.bin => Moved successfully. C:\Documents and Settings\User\Menu Start\Programy\BitLord => Moved successfully. C:\Documents and Settings\User\Pulpit\Continue FoxTab FLV Player Installation.lnk => Moved successfully. C:\Documents and Settings\User\Pulpit\2013-03 (mar)\Internet.lnk => Moved successfully. C:\Documents and Settings\User\Start Menu => Moved successfully. C:\Program Files\CutterInstance => Moved successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Program Files\Mozilla Firefox => Moved successfully. C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP => Moved successfully. C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. C:\WINDOWS\pss\TornTvDownloader.lnkStartup => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^User^Menu Start^Programy^Autostart^TornTvDownloader.lnk" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TornTv Downloader" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\mozilla.org /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= EmptyTemp: => Removed 888.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 21:22:32 ====