Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by ja at 2014-02-21 16:50:57 Run:1
Running from C:\Users\ja\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - EE258A4D8185445E82FBF0609FC55E3F URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_Z1D5VY5KXXXXZ1D5VY5K&ts=1380481971&type=default&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7E63F452-74D9-4A41-A6BA-7EE93B227CAF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN34140332852161217&UM=1
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
HKLM-x32\...\Run: [HomeKeyLogger] - C:\Program Files (x86)\HomeKeylogger\KeyLogger.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
C:\Program Files\Enigma Software Group
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Key Logger
C:\Users\ja\Desktop\Keylogger_downloader-cKQxZISw.exe
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: netsh advfirewall reset
*****************

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\EE258A4D8185445E82FBF0609FC55E3F => Key deleted successfully.
HKCR\CLSID\EE258A4D8185445E82FBF0609FC55E3F => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E63F452-74D9-4A41-A6BA-7EE93B227CAF} => Key deleted successfully.
HKCR\CLSID\{7E63F452-74D9-4A41-A6BA-7EE93B227CAF} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HomeKeyLogger => Value deleted successfully.
esgiguard => Service deleted successfully.
gdrv => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Key Logger" => File/Directory not found.
C:\Users\ja\Desktop\Keylogger_downloader-cKQxZISw.exe => Moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

==== End of Fixlog ====