Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by KOMP at 2014-11-28 15:21:37 Run:1
Running from G:\fixxxx
Loaded Profiles: KOMP & UpdatusUser (Available profiles: KOMP & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Replace: C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe C:\Windows\system32\userinit.exe
HKLM\...\Winlogon: [Userinit]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140603
URLSearchHook: HKLM - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
SearchScopes: HKU\S-1-5-21-1868939083-3434912627-837075443-1000 -> DefaultScope {2572BCB9-F51A-4A71-955C-C54FB18D79C1} URL =
Toolbar: HKLM - No Name - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> No File Path
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38472 2014-03-06] (The OpenVPN Project)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 519D7259045FA90D; \??\C:\Users\KOMP\AppData\Local\Temp\978C890C.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 HWiNFO32; \??\C:\Users\KOMP\AppData\Local\Temp\HWiNFO32.SYS [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
C:\Program Files\mozilla firefox\plugins
C:\Users\KOMP\AppData\Roaming\DesktopIconGoodgame
C:\Users\KOMP\AppData\Roaming\Fighters
C:\Users\KOMP\AppData\Roaming\FreeHideIP
C:\Users\KOMP\AppData\Roaming\Imminent
C:\Users\KOMP\AppData\Roaming\Opera Software
C:\Users\KOMP\AppData\Roaming\Windows
C:\Users\KOMP\Downloads\*(*)-dp*.exe
C:\Users\KOMP\Downloads\SpyHunter-Installer.exe
C:\Windows\System32\DRIVERS\aswTap.sys
C:\Windows\System32\DRIVERS\hssdrv6.sys
C:\Windows\System32\DRIVERS\taphss6.sys
Reg: reg delete HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Windows\CurrentVersion\Run /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Could not find C:\Windows\system32\userinit.exe
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe copied successfully to C:\Windows\system32\userinit.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Internet Explorer\Main -> Listing permissions failed. Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.
HKU\S-1-5-21-1868939083-3434912627-837075443-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.
"HKCR\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKU\S-1-5-21-1868939083-3434912627-837075443-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
aswTap => Service deleted successfully.
HssDRV6 => Service stopped successfully.
HssDRV6 => Service deleted successfully.
taphss6 => Unable to stop service
taphss6 => Service deleted successfully.
519D7259045FA90D => Service deleted successfully.
EagleXNt => Service deleted successfully.
HWiNFO32 => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
MBAMWebAccessControl => Service deleted successfully.
SWDUMon => Service deleted successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com => Moved successfully.
C:\Program Files\mozilla firefox\plugins => Moved successfully.
C:\Users\KOMP\AppData\Roaming\DesktopIconGoodgame => Moved successfully.
C:\Users\KOMP\AppData\Roaming\Fighters => Moved successfully.
C:\Users\KOMP\AppData\Roaming\FreeHideIP => Moved successfully.
C:\Users\KOMP\AppData\Roaming\Imminent => Moved successfully.
C:\Users\KOMP\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\KOMP\AppData\Roaming\Windows => Moved successfully.
C:\Users\KOMP\Downloads\*(*)-dp*.exe => Moved successfully.
C:\Users\KOMP\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Windows\System32\DRIVERS\aswTap.sys => Moved successfully.
C:\Windows\System32\DRIVERS\hssdrv6.sys => Moved successfully.
C:\Windows\System32\DRIVERS\taphss6.sys => Moved successfully.

========= reg delete HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete HKU\S-1-5-21-1868939083-3434912627-837075443-1003\Software\Microsoft\Windows\CurrentVersion\Run /f =========

BŁĄD: System nie znalazł w rejestrze określonego klucza albo wartości.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 133.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====