Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015 Ran by eafae at 2015-04-13 20:54:45 Run:1 Running from C:\Users\eafae\Desktop\frst Loaded Profiles: eafae (Available profiles: eafae & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Startup: C:\Users\eafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Worms Armageddon 3.7.0.0 [WinXP-7-8] [cd version].lnk GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com SearchScopes: HKU\S-1-5-21-4040340981-3488949422-2698820681-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X] S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X] C:\ProgramData\{c6a70dd7-bc59-aa1c-c6a7-70dd7bc5375e} C:\ProgramData\15227642091045121029 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR C:\PROGRAM Files (x86)\Google C:\Program Files (x86)\Image Hover C:\Program Files (x86)\LighterGeneration C:\Users\eafae\AppData\Local\Google C:\Users\eafae\AppData\Roaming\appdataFr3.bin C:\Users\eafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR C:\Windows\system32\bdsandboxuiskin32.dll Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. C:\Users\eafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Worms Armageddon 3.7.0.0 [WinXP-7-8] [cd version].lnk not found. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-4040340981-3488949422-2698820681-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. CSN5PDTS82 => Service deleted successfully. CSN5PDTS82x64 => Service deleted successfully. C:\ProgramData\{c6a70dd7-bc59-aa1c-c6a7-70dd7bc5375e} => Moved successfully. C:\ProgramData\15227642091045121029 => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR => Moved successfully. C:\PROGRAM Files (x86)\Google => Moved successfully. C:\Program Files (x86)\Image Hover => Moved successfully. C:\Program Files (x86)\LighterGeneration => Moved successfully. C:\Users\eafae\AppData\Local\Google => Moved successfully. C:\Users\eafae\AppData\Roaming\appdataFr3.bin => Moved successfully. C:\Users\eafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR => Moved successfully. C:\Windows\system32\bdsandboxuiskin32.dll => Moved successfully. ========= reg delete HKCU\Software\Google /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= EmptyTemp: => Removed 9.6 GB temporary data. The system needed a reboot. ==== End of Fixlog 20:55:26 ====