Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-05-2014 01
Ran by SpeeD at 2014-05-08 15:40:24 Run:1
Running from C:\Users\SpeeD\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name - {11111111-1111-1111-1111-110411851159} - No File
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @live.heroesandgenerals.com/npretox - E:\Heroes & Generals\live\npretoxlive.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 usj; \??\E:\EdenEternal\avital\ussjcs64.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\SpeeD\AppData\Local\Temp\*.exe
C:\Users\SpeeD\AppData\Roaming\Bitcoin
C:\Users\SpeeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
C:\Windows\SysWOW64\sqlite3.dll
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppsHat" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dtmcfg" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator" /f
Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
*****************

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411851159} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0 => Key deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@gamersfirst.com/LiveLauncher => Key deleted successfully.
C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@live.heroesandgenerals.com/npretox => Key deleted successfully.
E:\Heroes & Generals\live\npretoxlive.dll not found.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
usj => Service deleted successfully.
vtany => Service deleted successfully.
X6va008 => Service deleted successfully.
xhunter1 => Service deleted successfully.
C:\Users\SpeeD\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\SpeeD\AppData\Roaming\Bitcoin => Moved successfully.
C:\Users\SpeeD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppsHat" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dtmcfg" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

==== End of Fixlog ====