Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014 Ran by Turek at 2014-08-22 19:31:16 Run:1 Running from C:\Users\Turek\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-08-15] (StdLib) S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X] S2 UpdaterSvcClearThink; "C:\Program Files (x86)\ClearThink\updater.exe" [X] S2 Util ClearThink; "C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe" [X] S1 aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [X] S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0DyCyDtC0C0BzzzzyDtAtN0D0Tzu0CtBtAyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1758152569 SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0B0DyCyDtC0C0BzzzzyDtAtN0D0Tzu0CtBtAyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1758152569 Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" C:\Users\Turek\AppData\Local\WhiteListing C:\Users\Turek\AppData\Roaming\0F1F1C2Y1H1P1C0I0T C:\Users\Turek\Downloads\*(*)*.exe C:\Users\Turek\Downloads\228488-674299-adobe-flash-player.exe C:\Users\Turek\Downloads\installer_adobe_flash_player_Polish.exe C:\Users\Turek\Downloads\installer_adobe_flash_player_Polish (1).exe C:\Users\Turek\Downloads\Advanced-SystemCare-Free(12911).exe.qs9nspb.partial C:\Users\Turek\Downloads\FlvPlayerSetup*.exe C:\Users\Turek\Downloads\Setup*.exe C:\Users\Turek\Downloads\StrongholdAntiMalware*.exe C:\Users\Turek\Downloads\spywarefighter.exe C:\Users\Turek\Downloads\PluginsWhiteListing.dll C:\Windows\system32\PluginsWhiteListing.dll C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys Folder: C:\Update Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PluginsWhiteListing" /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKCU\Software\Google /f EmptyTemp: ***************** {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64 => Service stopped successfully. {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64 => Service deleted successfully. Update ClearThink => Service deleted successfully. UpdaterSvcClearThink => Service deleted successfully. Util ClearThink => Service deleted successfully. aswTdi => Error deleting Service ewusbmbb => Service deleted successfully. ew_hwusbdev => Service deleted successfully. ew_usbenumfilter => Service deleted successfully. huawei_enumerator => Service deleted successfully. hwdatacard => Service deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VNT => Value not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. "HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully. "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9" => Key deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value deleted successfully. HKCU\Software\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => Key deleted successfully. "C:\Users\Turek\AppData\Local\WhiteListing" => File/Directory not found. "C:\Users\Turek\AppData\Roaming\0F1F1C2Y1H1P1C0I0T" => File/Directory not found. C:\Users\Turek\Downloads\*(*)*.exe => Moved successfully. C:\Users\Turek\Downloads\228488-674299-adobe-flash-player.exe => Moved successfully. C:\Users\Turek\Downloads\installer_adobe_flash_player_Polish.exe => Moved successfully. "C:\Users\Turek\Downloads\installer_adobe_flash_player_Polish (1).exe" => File/Directory not found. C:\Users\Turek\Downloads\Advanced-SystemCare-Free(12911).exe.qs9nspb.partial => Moved successfully. C:\Users\Turek\Downloads\FlvPlayerSetup*.exe => Moved successfully. C:\Users\Turek\Downloads\Setup*.exe => Moved successfully. C:\Users\Turek\Downloads\StrongholdAntiMalware*.exe => Moved successfully. C:\Users\Turek\Downloads\spywarefighter.exe => Moved successfully. C:\Users\Turek\Downloads\PluginsWhiteListing.dll => Moved successfully. C:\Windows\system32\PluginsWhiteListing.dll => Moved successfully. C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys => Moved successfully. ========================= Folder: C:\Update ======================== 2010-07-04 22:38 - 2010-07-04 22:38 - 0000000 ____D () C:\Update\EP0000221850 2010-07-04 22:38 - 2010-07-04 22:38 - 16800744 _____ (Sony Corporation) C:\Update\EP0000221850\EP0000221850.exe 2010-10-07 21:19 - 2010-10-07 21:19 - 0000000 ____D () C:\Update\EP0000229118 2010-10-07 21:19 - 2010-10-07 21:19 - 6676312 _____ (Sony Corporation) C:\Update\EP0000229118\EP0000229118.exe 2011-05-12 21:16 - 2011-05-12 21:17 - 0000000 ____D () C:\Update\EP0000229335 2011-05-12 21:16 - 2011-05-12 21:17 - 47601576 _____ (Sony Corporation) C:\Update\EP0000229335\EP0000229335.exe 2011-04-13 18:13 - 2011-04-13 18:16 - 0000000 ____D () C:\Update\EP0000247061 2011-04-13 18:13 - 2011-04-13 18:16 - 50204896 _____ (Sony Corporation) C:\Update\EP0000247061\EP0000247061.exe 2013-01-09 11:04 - 2013-01-09 11:11 - 0000000 ____D () C:\Update\EP0000279742 2013-01-09 11:04 - 2013-01-09 11:11 - 38753856 _____ (Sony Corporation) C:\Update\EP0000279742\EP0000279742.exe 2014-08-19 14:47 - 2014-08-19 14:47 - 0000000 ____D () C:\Update\EP0000321150 2014-08-19 14:47 - 2014-08-19 14:47 - 28337776 _____ () C:\Update\EP0000321150\EP0000321150.zipVU! 2014-05-21 09:25 - 2014-05-21 09:25 - 0000000 ____D () C:\Update\EP0000321309 2014-05-21 09:25 - 2014-05-21 09:25 - 1359952 _____ (Sony Corporation) C:\Update\EP0000321309\EP0000321309.exe ====== End of Folder: ====== ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PluginsWhiteListing" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 337 MB temporary data. The system needed a reboot. ==== End of Fixlog ====