Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014 Ran by CONSTANSGC at 2014-09-18 20:02:28 Run:1 Running from C:\Users\CONSTANSGC\Desktop Boot Mode: Safe Mode (with Networking) ============================================== Content of fixlist: ***************** DisableService: CLPSLS DisableService: cmdAgent DisableService: cmderd DisableService: cmdGuard DisableService: cmdHlp DisableService: inspect DisableService: McComponentHostService DisableService: SDScannerService DisableService: SDUpdateService DisableService: SDWSCService U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [33512 2014-09-18] () U4 eabfiltr; No ImagePath S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] BootExecute: autocheck autochk * sdnclean.exe HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CLPSLS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" Task: {996AB793-9FE0-4D08-A8E6-12B357B159A8} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup C:\WINDOWS\System32\drivers\TrueSight.sys Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPA" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desk 365" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lollipop" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ***************** CLPSLS service was disabled cmdAgent service was disabled cmderd service was disabled cmdGuard service was disabled cmdHlp service was disabled inspect service was disabled McComponentHostService service was disabled SDScannerService service was disabled SDUpdateService service was disabled SDWSCService service was disabled TrueSight => Service deleted successfully. eabfiltr => Service deleted successfully. ewusbnet => Service deleted successfully. hwdatacard => Service deleted successfully. taphss6 => Service deleted successfully. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security => value deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CLPSLS" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{996AB793-9FE0-4D08-A8E6-12B357B159A8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{996AB793-9FE0-4D08-A8E6-12B357B159A8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => value deleted successfully. C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => Moved successfully. C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully. C:\WINDOWS\System32\drivers\TrueSight.sys => Moved successfully. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPA" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desk 365" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lollipop" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ==== End of Fixlog ====