Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014
Ran by Wiki at 2014-01-25 16:54:40 Run:1
Running from C:\Users\Wiki\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1C7E4478-89AC-425E-930B-BA1621C09F19} URL =
SearchScopes: HKCU - {5244BBA0-0BB0-4D02-9B73-31B97DA0E5F4} URL = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=kw&q={searchTerms}&locale=&apn_ptnrs=AU&apn_dtid=YYYYYYYYPL&apn_uid=f88a341d-a47d-4cfc-a160-78c0f8bdb8e9&apn_sauid=37B1C728-4006-4BD1-834C-E24E76049F08&
SearchScopes: HKCU - {EDC1EABF-64C5-48AD-8065-1AF5BF5BD1A0} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
Task: {A439E2B9-4A02-4EB6-9CBF-D7E33756DF37} - System32\Tasks\{F1E0A289-B1FC-4C69-AAF9-A0753A6EA736} => Firefox.exe
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [59768 2012-07-09] (G Data Software AG)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-09-07] ()
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [x]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [x]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 inspect; system32\DRIVERS\inspect.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
U2 wuaserv;
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\Lavasoft
C:\Users\Wiki\AppData\Roaming\Ad-Aware Antivirus
C:\Users\Wiki\AppData\Roaming\ArcaBit
C:\Users\Wiki\AppData\Roaming\ArcaVirMicroScan
C:\Users\Wiki\AppData\Roaming\f-secure
C:\Windows\System32\drivers\SbFw.sys
C:\Windows\System32\DRIVERS\sbfwim.sys
C:\Windows\System32\DRIVERS\SBFWIM.sys
C:\Windows\System32\drivers\sbhips.sys
C:\Windows\System32\drivers\sbtis.sys
C:\Windows\System32\Tasks\{B27A2A36-8081-4C05-835E-46C972A5129F}
C:\Windows\System32\Tasks\{35686AED-AFA1-4988-98DB-D4650D8ADC6E}
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
Unlock: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C7E4478-89AC-425E-930B-BA1621C09F19} => Key deleted successfully.
HKCR\CLSID\{1C7E4478-89AC-425E-930B-BA1621C09F19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5244BBA0-0BB0-4D02-9B73-31B97DA0E5F4} => Key deleted successfully.
HKCR\CLSID\{5244BBA0-0BB0-4D02-9B73-31B97DA0E5F4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDC1EABF-64C5-48AD-8065-1AF5BF5BD1A0} => Key deleted successfully.
HKCR\CLSID\{EDC1EABF-64C5-48AD-8065-1AF5BF5BD1A0} => Key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A439E2B9-4A02-4EB6-9CBF-D7E33756DF37} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A439E2B9-4A02-4EB6-9CBF-D7E33756DF37} => Key deleted successfully.
C:\Windows\System32\Tasks\{F1E0A289-B1FC-4C69-AAF9-A0753A6EA736} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1E0A289-B1FC-4C69-AAF9-A0753A6EA736} => Key deleted successfully.
GDPkIcpt => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
SbFw => Service deleted successfully.
SBFWIMCL => Service deleted successfully.
SBFWIMCLMP => Service deleted successfully.
sbhips => Service deleted successfully.
SbTis => Service deleted successfully.
AndNetDiag => Service deleted successfully.
ANDNetModem => Service deleted successfully.
andnetndis => Service deleted successfully.
catchme => Service deleted successfully.
inspect => Service deleted successfully.
PCDSRVC{D3412D80-CF3B4A27-06020200}_0 => Service deleted successfully.
Prot6Flt => Service deleted successfully.
SBRE => Service deleted successfully.
usbbus => Service deleted successfully.
UsbDiag => Service deleted successfully.
USBModem => Service deleted successfully.
wuaserv => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\Lavasoft => Moved successfully.
C:\Users\Wiki\AppData\Roaming\Ad-Aware Antivirus => Moved successfully.
C:\Users\Wiki\AppData\Roaming\ArcaBit => Moved successfully.
C:\Users\Wiki\AppData\Roaming\ArcaVirMicroScan => Moved successfully.
C:\Users\Wiki\AppData\Roaming\f-secure => Moved successfully.
C:\Windows\System32\drivers\SbFw.sys => Moved successfully.
C:\Windows\System32\DRIVERS\sbfwim.sys => Moved successfully.
"C:\Windows\System32\DRIVERS\SBFWIM.sys" => File/Directory not found.
C:\Windows\System32\drivers\sbhips.sys => Moved successfully.
C:\Windows\System32\drivers\sbtis.sys => Moved successfully.
C:\Windows\System32\Tasks\{B27A2A36-8081-4C05-835E-46C972A5129F} => Moved successfully.
C:\Windows\System32\Tasks\{35686AED-AFA1-4988-98DB-D4650D8ADC6E} => Moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" => Key unlocked successfully.

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

The system needs a manual reboot.
==== End of Fixlog ====