Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Lewy at 2015-05-19 22:14:49 Run:1
Running from D:\DOWNLOADS
Loaded Profiles: Lewy & UpdatusUser (Available profiles: Lewy & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [home] => wscript.exe //B "C:\Users\Lewy\AppData\Local\Temp\home.vbe" <===== ATTENTION
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\Run: [home] => wscript.exe //B "C:\Users\Lewy\AppData\Local\Temp\home.vbe" <===== ATTENTION
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {57ddae42-5441-11e3-ad0f-b888e3c62c89} - F:\this_war_of_mine_drmfree.exe
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {5bdd4433-9e2a-11e4-a46d-b888e3c62c89} - G:\AutoRun.exe
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {5bdd4440-9e2a-11e4-a46d-b888e3c62c89} - G:\AutoRun.exe
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {7e6bb080-8e63-11e3-bdb7-b888e3c62c89} - G:\LGAutoRun.exe
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {cc75f867-4fd1-11e4-be03-9c4e369e63fc} - G:\autorun.exe
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {cc75f889-4fd1-11e4-be03-9c4e369e63fc} - G:\autorun.exe
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\...\MountPoints2: {ed022f04-84e4-11e3-96ec-9c4e369e63fc} - G:\.\StartModem.exe
Startup: C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-05-07] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 itnzgnxi; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
G:\home.vbe
G:\*.lnk
C:\Windows\system32\Drivers\etc\hosts.ics
C:\ProgramData\5185ab0a00002e25
C:\ProgramData\846063261
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\home => value deleted successfully.
HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\Software\Microsoft\Windows\CurrentVersion\Run\\home => value deleted successfully.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ddae42-5441-11e3-ad0f-b888e3c62c89}" => Key deleted successfully.
HKCR\CLSID\{57ddae42-5441-11e3-ad0f-b888e3c62c89} => Key not found.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bdd4433-9e2a-11e4-a46d-b888e3c62c89}" => Key deleted successfully.
HKCR\CLSID\{5bdd4433-9e2a-11e4-a46d-b888e3c62c89} => Key not found.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bdd4440-9e2a-11e4-a46d-b888e3c62c89}" => Key deleted successfully.
HKCR\CLSID\{5bdd4440-9e2a-11e4-a46d-b888e3c62c89} => Key not found.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e6bb080-8e63-11e3-bdb7-b888e3c62c89}" => Key deleted successfully.
HKCR\CLSID\{7e6bb080-8e63-11e3-bdb7-b888e3c62c89} => Key not found.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc75f867-4fd1-11e4-be03-9c4e369e63fc}" => Key deleted successfully.
HKCR\CLSID\{cc75f867-4fd1-11e4-be03-9c4e369e63fc} => Key not found.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc75f889-4fd1-11e4-be03-9c4e369e63fc}" => Key deleted successfully.
HKCR\CLSID\{cc75f889-4fd1-11e4-be03-9c4e369e63fc} => Key not found.
"HKU\S-1-5-21-1332373539-1881414760-2737133929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed022f04-84e4-11e3-96ec-9c4e369e63fc}" => Key deleted successfully.
HKCR\CLSID\{ed022f04-84e4-11e3-96ec-9c4e369e63fc} => Key not found.
C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
itnzgnxi => Service deleted successfully.
EagleX64 => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
ttnfd => Service deleted successfully.
"G:\home.vbe" => File/Directory not found.
"G:\*.lnk" => File/Directory not found.
C:\Windows\system32\Drivers\etc\hosts.ics => Moved successfully.
C:\ProgramData\5185ab0a00002e25 => Moved successfully.
C:\ProgramData\846063261 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
EmptyTemp: => Removed 99.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 22:14:53 ====