Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015 Ran by user (2015-08-20 14:12:15) Run:1 Running from C:\Users\user\Desktop\logi Loaded Profiles: user (Available Profiles: user) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {525ACBC8-C212-456E-846F-D382EB22C216} - System32\Tasks\GKOu5KI8J0Fu65ilvAMpBHle => C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle.exe <==== ATTENTION 2015-04-19 14:20 - 2015-08-20 09:36 - 0000626 _____ () C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle Task: {539CBE3B-812B-4413-90B5-C4DD482C5674} - \AutoPico Daily Restart -> No File <==== ATTENTION Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle.exe C:\Users\user\Downloads\DAEMON-Tools-Lite-12708-dp.zip S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-01-30] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] () C:\Program Files\Enigma Software Group C:\Windows\System32\DRIVERS\EsgScanner.sys S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.) CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{525ACBC8-C212-456E-846F-D382EB22C216}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{525ACBC8-C212-456E-846F-D382EB22C216}" => key removed successfully C:\Windows\System32\Tasks\GKOu5KI8J0Fu65ilvAMpBHle => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GKOu5KI8J0Fu65ilvAMpBHle" => key removed successfully C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{539CBE3B-812B-4413-90B5-C4DD482C5674}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{539CBE3B-812B-4413-90B5-C4DD482C5674}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= "C:\Users\user\AppData\Roaming\GKOu5KI8J0Fu65ilvAMpBHle.exe" => File/Folder not found. C:\Users\user\Downloads\DAEMON-Tools-Lite-12708-dp.zip => moved successfully xhunter1 => service removed successfully esgiguard => service removed successfully EsgScanner => service removed successfully "C:\Program Files\Enigma Software Group" folder move: Could not move "C:\Program Files\Enigma Software Group" => Scheduled to move on reboot. C:\Windows\System32\DRIVERS\EsgScanner.sys => moved successfully gupdate => service removed successfully gupdatem => service removed successfully SpyHunter 4 Service => service removed successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi" => key removed successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\hkhkiakolggnnicallabhkobalpeplpi" => key removed successfully EmptyTemp: => 166.2 MB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-20 14:14:23)<= C:\Program Files\Enigma Software Group => Is moved successfully ==== End of Fixlog 14:14:23 ====