Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014 Ran by Nergetto at 2014-11-06 21:32:45 Run:1 Running from C:\Users\Nergetto\Desktop Loaded Profile: Nergetto (Available profiles: Nergetto) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R1 {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64; C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys [48784 2014-10-06] (StdLib) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S4 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [X] S3 MSICDSetup; \??\H:\CDriver64.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found () Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Task: {5976D8FB-32EA-42BC-A4DC-BB1EEC49403D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION CustomCLSID: HKU\S-1-5-21-357157574-974508199-1160413659-1000_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> G:\PROGRA~2\WEBDES~1\WEBDES~1\WEBDES~1.EXE No File CustomCLSID: HKU\S-1-5-21-357157574-974508199-1160413659-1000_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> G:\PROGRA~2\WEBDES~1\WEBDES~1\WEBDES~1.EXE No File HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-357157574-974508199-1160413659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP84B78B04-3701-44A0-ADCF-83E85FECEEF9&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml C:\ProgramData\TEMP C:\Users\xxxxx\AppData\Roaming\AVG C:\Users\xxxxx\AppData\Roaming\OpenCandy C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys C:\Windows\SysWow64\Drivers\StarOpen.sys Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer" /f Reg: reg delete "HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer" /f Reg: reg delete "HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer" /f EmptyTemp: ***************** Processes closed successfully. {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64 => Unable to stop service {be5bf058-a067-4076-8c2e-22b9345a0260}Gw64 => Service deleted successfully. StarOpen => Service deleted successfully. Bonjour Service => Service deleted successfully. MSICDSetup => Service deleted successfully. xhunter1 => Service deleted successfully. Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog entry 000000000007 => Deleted successfully. Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5976D8FB-32EA-42BC-A4DC-BB1EEC49403D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5976D8FB-32EA-42BC-A4DC-BB1EEC49403D}" => Key deleted successfully. C:\Windows\System32\Tasks\LaunchSignup => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully. "HKU\S-1-5-21-357157574-974508199-1160413659-1000_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}" => Key deleted successfully. "HKU\S-1-5-21-357157574-974508199-1160413659-1000_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-357157574-974508199-1160413659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml => Moved successfully. C:\ProgramData\TEMP => Moved successfully. "C:\Users\xxxxx\AppData\Roaming\AVG" => File/Directory not found. "C:\Users\xxxxx\AppData\Roaming\OpenCandy" => File/Directory not found. C:\Windows\System32\drivers\{be5bf058-a067-4076-8c2e-22b9345a0260}Gw64.sys => Moved successfully. C:\Windows\SysWow64\Drivers\StarOpen.sys => Moved successfully. ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer" /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= EmptyTemp: => Removed 506.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ====