Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015 Ran by Daria at 2015-06-29 21:25:48 Run:4 Running from C:\Users\Daria\Desktop Loaded Profiles: Daria (Available Profiles: Daria) Boot Mode: Normal ============================================== fixlist content: ***************** Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\Methods /s Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0 /s S4 sptd; C:\Windows\System32\Drivers\sptd.sys [845560 2012-09-21] (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\FRST\Quarantine ***************** ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\Methods /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\29114 (domy˜lny) REG_SZ SecureW2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\29114\21 PeerFriendlyName REG_SZ SecureW2 EAP-TTLS PeerDllPath REG_SZ C:\Windows\system32\sw2_ttls.dll Properties REG_DWORD 0x280000 PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311 Name REG_SZ Microsoft HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122\1 PeerFriendlyName REG_SZ Windows Connect Now EAP Peer Properties REG_DWORD 0x848000 PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 PeerRequireConfigUI REG_DWORD 0x1 PeerDllPath REG_EXPAND_SZ %SystemRoot%\System32\WcnEapPeerProxy.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\4413 (domy˜lny) REG_SZ Broadcom HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\4413\21 PeerFriendlyName REG_SZ EAP-TTLS PeerDllPath REG_EXPAND_SZ C:\Windows\system32\bcmttls.dll Properties REG_DWORD 0x102848af PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9 (domy˜lny) REG_SZ Cisco HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\17 PeerDllPath REG_EXPAND_SZ C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll PeerFriendlyName REG_SZ @C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll,-117 Properties REG_DWORD 0x32c406e PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\25 PeerDllPath REG_EXPAND_SZ C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll PeerFriendlyName REG_SZ @C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll,-119 Properties REG_DWORD 0x173cd9ff PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\43 PeerDllPath REG_EXPAND_SZ C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll PeerFriendlyName REG_SZ @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119 Properties REG_DWORD 0x173ef9ff PeerInvokeUsernameDialog REG_DWORD 0x0 PeerInvokePasswordDialog REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\9\43\UserData ========= End of Reg: ========= ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0 /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0 DisplayName REG_SZ @%SystemRoot%\system32\PresentationHost.exe,-3309 ErrorControl REG_DWORD 0x1 ImagePath REG_EXPAND_SZ %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe Type REG_DWORD 0x10 Description REG_SZ @%SystemRoot%\system32\PresentationHost.exe,-3310 ObjectName REG_SZ NT Authority\LocalService ServiceSidType REG_DWORD 0x1 FailureActions REG_BINARY 100E000000000000000000000300000014000000010000000000000000000000000000000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0\Security Security REG_BINARY 01001480A0000000AC000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020070000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000000140010000000010100000000000504000000010100000000000512000000010100000000000512000000 ========= End of Reg: ========= sptd => Service removed successfully C:\Windows\System32\Drivers\sptd.sys => moved successfully. "C:\AdwCleaner" => removed successfully. "C:\FRST\Quarantine" => removed successfully. ==== End of Fixlog 21:25:57 ====