Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by dawid at 2015-04-14 14:58:58 Run:1
Running from C:\Users\Wojciech\Desktop
Loaded Profiles: dawid (Available profiles: dawid)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Startup: C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download O.S.T.R - Podrż Zwana Życiem _2015_ [mp3@320kbps] Torrent - KickassTorrents.lnkŻyciem _2015_ [mp3@320kbps] Torrent - KickassTorrents.exe (No File)
Task: {88D20071-A493-4FF5-8AAE-8C9A24471C2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0614aUpdateInfo.job => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\AVG_REG_0214c.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job => C:\ProgramData\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1391605310&from=cor&uid=ST9500325AS_S2W8WGT5
ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1391605310&from=cor&uid=ST9500325AS_S2W8WGT5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4225948802-2122742746-3075298040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://here.com
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1391605310&from=cor&uid=ST9500325AS_S2W8WGT5&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
C:\Program Files\Google
C:\Program Files (x86)\Google
C:\ProgramData\{25d3b77b-69e6-e5db-25d3-3b77b69edded}
C:\ProgramData\8700427414304003993
C:\ProgramData\lbgkomjhaeakdlanjamgonacemjokjhe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
C:\Users\Wojciech\AppData\Local\Google
C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
Folder: C:\Windows\system32\GroupPolicy
Folder: C:\Windows\SysWOW64\GroupPolicy
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Aff Packages" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
esgiguard => Service deleted successfully.
C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download O.S.T.R - Podrż Zwana Życiem _2015_ [mp3@320kbps] Torrent - KickassTorrents.lnkŻyciem _2015_ [mp3@320kbps] Torrent - KickassTorrents.exe (No File) not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88D20071-A493-4FF5-8AAE-8C9A24471C2D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D20071-A493-4FF5-8AAE-8C9A24471C2D}" => Key deleted successfully.
C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
C:\Windows\Tasks\0215avUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\0614aUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\0814avUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\1114avUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\1214avUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\AVG_REG_0214c.job => Moved successfully.
C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully.
C:\Users\Wojciech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-4225948802-2122742746-3075298040-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"C:\Program Files\Google" => File/Directory not found.
C:\Program Files (x86)\Google => Moved successfully.
C:\ProgramData\{25d3b77b-69e6-e5db-25d3-3b77b69edded} => Moved successfully.
C:\ProgramData\8700427414304003993 => Moved successfully.
C:\ProgramData\lbgkomjhaeakdlanjamgonacemjokjhe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki => Moved successfully.
C:\Users\Wojciech\AppData\Local\Google => Moved successfully.
C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line => Moved successfully.

========================= Folder: C:\Windows\system32\GroupPolicy ========================

====== End of Folder: ======

========================= Folder: C:\Windows\SysWOW64\GroupPolicy ========================

====== End of Folder: ======

========= reg delete HKCU\Software\Google /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Google /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Aff Packages" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 359.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:00:23 ====