Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-09-2014 Ran by Rupert Legge at 2014-10-01 10:56:31 Run:1 Running from C:\Documents and Settings\Rupert Legge\My Documents\Downloads Loaded Profile: Rupert Legge (Available profiles: Rupert Legge) Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYIE&apn_uid=8c87baf8-9ef4-4f94-856e-bc35f3211ddf&apn_sauid=1F6E34C2-74E6-4A9A-BADA-7B67DD97DBF5 SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=&apn_ptnrs=6G&apn_dtid=YYYYYYYYIE&apn_uid=8c87baf8-9ef4-4f94-856e-bc35f3211ddf&apn_sauid=1F6E34C2-74E6-4A9A-BADA-7B67DD97DBF5Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X] S3 MSICPL; \??\D:\install4\MSICPL.sys [X] S3 NTACCESS; \??\D:\NTACCESS.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X] S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X] S3 wanatw; system32\DRIVERS\wanatw4.sys [X] U1 WS2IFSL; No ImagePath C:\spywarebegone C:\Program Files\COMODO C:\WINDOWS\system32\config\COMODO I.evt Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION C:\WINDOWS\system32\Drivers\aswsp.sys.1411236888281 EmptyTemp: ***************** "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully. "HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully. "HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found. "HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully. "HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. "HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found. "HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found. rpcapd => Service not found. CSN5PDTS82x64 => Service deleted successfully. GMSIPCI => Service not found. MSICPL => Service not found. NTACCESS => Service not found. pccsmcfd => Service deleted successfully. SetupNTGLM7X => Service not found. SSPORT => Service not found. wanatw => Service deleted successfully. WS2IFSL => Service deleted successfully. C:\spywarebegone => Moved successfully. C:\Program Files\COMODO => Moved successfully. C:\WINDOWS\system32\config\COMODO I.evt => Moved successfully. C:\WINDOWS\Tasks\Express FilesUpdate.job => Moved successfully. C:\WINDOWS\Tasks\Go for FilesUpdate.job => Moved successfully. C:\WINDOWS\system32\Drivers\aswsp.sys.1411236888281 => Moved successfully. EmptyTemp: => Removed 226 MB temporary data. The system needed a reboot. ==== End of Fixlog ====