Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Marek at 2015-03-18 19:14:07 Run:2 Running from C:\Users\Marek\Desktop Loaded Profiles: Marek (Available profiles: Marek & Asia) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-15] () R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] Task: {0AA18C7C-D7C0-4840-BCE9-93C5766AA5BC} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe Task: {0EF68685-8544-4505-8F39-95C7336BD85C} - System32\Tasks\{FC8A38A7-1D09-41E3-8568-302112AEF3C8} => Iexplore.exe http://ui.skype.com/ui/0/6.1.60.129/pl/abandoninstall?page=tsBing Task: {281AEB59-D066-4D12-8056-EB6EABC2B7EB} - System32\Tasks\{FC87CAD8-7887-4240-8EF2-F69EF12FA099} => pcalua.exe -a "C:\Users\Marek\AppData\Roaming\0C1I1L1R1J0M1P0I1G\VuuPC Packages\uninstaller.exe" -c /Uninstall /NM="VuuPC Packages" /AN="0C1I1L1R1J0M1P0I1G" /MBN="VuuPC Packages" Task: {2A29F745-B86C-43B9-9DAB-41A732965D84} - System32\Tasks\Updater26766.exe => C:\Users\Marek\AppData\Local\Updater26766\Updater26766.exe <==== ATTENTION Task: {7F31B7D9-5036-4807-8BC5-F15A9328BF14} - System32\Tasks\{2CC8C255-1946-4129-9906-F2646553B758} => pcalua.exe -a "C:\Program Files (x86)\EStaff\Uninstall\SpXml.exe" Task: {84E7AC55-DF90-498F-A87F-6EF7433F5499} - System32\Tasks\4677 => Wscript.exe C:\Users\Marek\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {88A3A4AE-1BA7-4B7B-BAD0-AD450A78E3B7} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {B41F59A4-DEBC-46BC-9208-988246386E31} - System32\Tasks\{6B9BC0EA-6FB7-4DC4-947C-46195CB786BE} => pcalua.exe -a "c:\Program Files (x86)\Microsoft 
Silverlight\5.1.10411.0\Silverlight.Configuration.exe" -c -uninstallApp 3457725076.portal.qtrax.com Task: {C37D6B63-467D-4B19-865D-8EFD4E34B0EC} - System32\Tasks\{7C3E2EE4-C097-4033-A809-9846061BC599} => pcalua.exe -a C:\Users\Marek\Desktop\vkaraoke.exe -d C:\Users\Marek\Desktop Task: {D0531B56-E824-4977-9FDE-95C321DAD4C2} - System32\Tasks\{0885DE04-EC57-4556-860F-E8E7701E8EC4} => pcalua.exe -a "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe" -c /remove /q0 Task: {FDF00679-F413-4634-84D5-B7815D2AA1DC} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION GroupPolicyUsers\S-1-5-21-1229153242-3201741155-1693493588-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1229153242-3201741155-1693493588-1001\User: Group Policy restriction detected <======= ATTENTION HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\Policies\Explorer: [DisallowRun] 0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NAV&pvid=20.4.0.40 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank SearchScopes: HKU\S-1-5-21-1229153242-3201741155-1693493588-1001 -> {1838EEB7-D790-4C38-977B-7610FC411ABC} URL = CHR HomePage: 
Default -> hxxp://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki CHR StartupUrls: Default -> "hxxp://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki", "hxxp://pl.msn.com/?pc=UP97&ocid=UP97DHP" C:\sh4ldr C:\ProgramData\Ashampoo\YourDeals.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian FLV Player.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk C:\Users\Marek\AppData\Roaming\Enigma Software Group C:\Users\Marek\Downloads\Install Flash_10924_i43986853_il345.exe C:\Users\Marek\Start Menu\Programs\SpyHunter C:\Users\Marek\Stary Laptop\LAPTOP\pulpit\pulpit\Mozilla Firefox.lnk C:\Users\Public\Desktop\Applian FLV Player.lnk C:\Windows\System32\DRIVERS\EsgScanner.sys Reg: reg delete HKCU\Software\Clients\StartMenuInternet\OperaMail /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: ipconfig /flushdns EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. SpyHunter 4 Service => Service not found. EsgScanner => Service not found. esgiguard => Service not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AA18C7C-D7C0-4840-BCE9-93C5766AA5BC} => Key not found. C:\Windows\System32\Tasks\WLANStartup not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WLANStartup => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EF68685-8544-4505-8F39-95C7336BD85C} => Key not found. C:\Windows\System32\Tasks\{FC8A38A7-1D09-41E3-8568-302112AEF3C8} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC8A38A7-1D09-41E3-8568-302112AEF3C8} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{281AEB59-D066-4D12-8056-EB6EABC2B7EB} => Key not found. C:\Windows\System32\Tasks\{FC87CAD8-7887-4240-8EF2-F69EF12FA099} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC87CAD8-7887-4240-8EF2-F69EF12FA099} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A29F745-B86C-43B9-9DAB-41A732965D84} => Key not found. C:\Windows\System32\Tasks\Updater26766.exe not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26766.exe => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F31B7D9-5036-4807-8BC5-F15A9328BF14} => Key not found. C:\Windows\System32\Tasks\{2CC8C255-1946-4129-9906-F2646553B758} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2CC8C255-1946-4129-9906-F2646553B758} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84E7AC55-DF90-498F-A87F-6EF7433F5499} => Key not found. C:\Windows\System32\Tasks\4677 not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4677 => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A3A4AE-1BA7-4B7B-BAD0-AD450A78E3B7} => Key not found. C:\Windows\System32\Tasks\SpyHunter4Startup not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B41F59A4-DEBC-46BC-9208-988246386E31} => Key not found. C:\Windows\System32\Tasks\{6B9BC0EA-6FB7-4DC4-947C-46195CB786BE} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B9BC0EA-6FB7-4DC4-947C-46195CB786BE} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C37D6B63-467D-4B19-865D-8EFD4E34B0EC} => Key not found. C:\Windows\System32\Tasks\{7C3E2EE4-C097-4033-A809-9846061BC599} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C3E2EE4-C097-4033-A809-9846061BC599} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0531B56-E824-4977-9FDE-95C321DAD4C2} => Key not found. C:\Windows\System32\Tasks\{0885DE04-EC57-4556-860F-E8E7701E8EC4} not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0885DE04-EC57-4556-860F-E8E7701E8EC4} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDF00679-F413-4634-84D5-B7815D2AA1DC} => Key not found. C:\Windows\System32\Tasks\0 not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key not found. "C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1229153242-3201741155-1693493588-1004\User" => File/Directory not found. "C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1229153242-3201741155-1693493588-1001\User" => File/Directory not found. HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPDLR.exe => Value not found. HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value not found. HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value not found. 
HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found. HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found. HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => Value not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1838EEB7-D790-4C38-977B-7610FC411ABC} => Key not found. HKCR\CLSID\{1838EEB7-D790-4C38-977B-7610FC411ABC} => Key not found. Chrome HomePage not detected. Chrome StartupUrls not detected. "C:\sh4ldr" => File/Directory not found. "C:\ProgramData\Ashampoo\YourDeals.exe" => File/Directory not found. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian FLV Player.lnk" => File/Directory not found. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk" => File/Directory not found. "C:\Users\Marek\AppData\Roaming\Enigma Software Group" => File/Directory not found. "C:\Users\Marek\Downloads\Install Flash_10924_i43986853_il345.exe" => File/Directory not found. "C:\Users\Marek\Start Menu\Programs\SpyHunter" => File/Directory not found. "C:\Users\Marek\Stary Laptop\LAPTOP\pulpit\pulpit\Mozilla Firefox.lnk" => File/Directory not found. "C:\Users\Public\Desktop\Applian FLV Player.lnk" => File/Directory not found. "C:\Windows\System32\DRIVERS\EsgScanner.sys" => File/Directory not found. 
========= reg delete HKCU\Software\Clients\StartMenuInternet\OperaMail /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 9.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 19:15:10 ====